npm - @contractspec/bundle.library - Versions diffs - 3.8.12 → 3.9.2 - Mend

@contractspec/bundle.library 3.8.12 → 3.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (683) hide show

package/dist/components/docs/safety/SafetyAuditingPage.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-import A from"@contractspec/lib.ui-link";import{ChevronRight as B}from"lucide-react";import{jsx as q,jsxs as z}from"react/jsx-runtime";function F(){return z("div",{className:"space-y-8",children:[z("div",{className:"space-y-4",children:[q("h1",{className:"font-bold text-4xl",children:"Audit Logs"}),z("p",{className:"text-muted-foreground",children:["An ",q("strong",{children:"audit log"})," (also called an audit trail) is a chronological record of system activities. According to"," ",q("a",{href:"https://www.sumologic.com/glossary/audit-log/",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Sumo Logic"}),', audit logs "provide a detailed record of events and changes within a system, enabling organizations to track user actions, system changes, and access to sensitive data."']})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Why audit logs matter"}),z("div",{className:"space-y-3",children:[z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Accountability"}),q("p",{className:"text-muted-foreground",children:'Audit logs answer the question "who did what, when?" This is essential for holding users and administrators accountable for their actions. If data is deleted or modified, the audit log shows exactly who made the change.'})]}),z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Security"}),q("p",{className:"text-muted-foreground",children:"Audit logs help detect and investigate security incidents. For example, if an attacker gains unauthorized access, the logs reveal which resources they accessed and what actions they performed. This information is critical for incident response and forensics."})]}),z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Compliance"}),q("p",{className:"text-muted-foreground",children:"Many regulations (GDPR, HIPAA, SOC 2, PCI DSS) require organizations to maintain audit logs. These logs must be tamper-evident, retained for a specified period, and available for inspection by auditors."})]}),z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Debugging"}),q("p",{className:"text-muted-foreground",children:"When something goes wrong in production, audit logs provide a detailed timeline of events leading up to the failure. This makes it much easier to diagnose and fix issues."})]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"What ContractSpec logs"}),q("p",{className:"text-muted-foreground",children:"ContractSpec automatically logs every significant operation, including:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"API calls"})," \u2013 Every invocation of a capability, including inputs, outputs, and the user who made the call."]}),z("li",{children:[q("strong",{children:"Policy decisions"})," \u2013 Every decision made by the"," ",q(A,{href:"/docs/safety/pdp",className:"text-violet-400 hover:text-violet-300",children:"Policy Decision Point"}),", including the rule that matched and the reason for the decision."]}),z("li",{children:[q("strong",{children:"Data access"})," \u2013 Every query to a data view, including which fields were accessed and whether any were redacted."]}),z("li",{children:[q("strong",{children:"Workflow execution"})," \u2013 Every step in a workflow, including retries, compensations, and failures."]}),z("li",{children:[q("strong",{children:"Administrative actions"})," \u2013 Spec deployments, configuration changes, user role assignments, and other privileged operations."]}),z("li",{children:[q("strong",{children:"Authentication events"})," \u2013 Login attempts, password resets, and session expirations."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Audit log format"}),q("p",{className:"text-muted-foreground",children:"Each audit log entry is a structured JSON object containing:"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`{
+var F=Object.defineProperty;var G=(A)=>A;function H(A,B){this[A]=G.bind(null,B)}var J=(A,B)=>{for(var D in B)F(A,D,{get:B[D],enumerable:!0,configurable:!0,set:H.bind(B,D)})};var K=(A,B)=>()=>(A&&(B=A(A=0)),B);import E from"@contractspec/lib.ui-link";import{ChevronRight as I}from"lucide-react";import{jsx as q,jsxs as z}from"react/jsx-runtime";function P(){return z("div",{className:"space-y-8",children:[z("div",{className:"space-y-4",children:[q("h1",{className:"font-bold text-4xl",children:"Audit Logs"}),z("p",{className:"text-muted-foreground",children:["An ",q("strong",{children:"audit log"})," (also called an audit trail) is a chronological record of system activities. According to"," ",q("a",{href:"https://www.sumologic.com/glossary/audit-log/",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Sumo Logic"}),', audit logs "provide a detailed record of events and changes within a system, enabling organizations to track user actions, system changes, and access to sensitive data."']})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Why audit logs matter"}),z("div",{className:"space-y-3",children:[z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Accountability"}),q("p",{className:"text-muted-foreground",children:'Audit logs answer the question "who did what, when?" This is essential for holding users and administrators accountable for their actions. If data is deleted or modified, the audit log shows exactly who made the change.'})]}),z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Security"}),q("p",{className:"text-muted-foreground",children:"Audit logs help detect and investigate security incidents. For example, if an attacker gains unauthorized access, the logs reveal which resources they accessed and what actions they performed. This information is critical for incident response and forensics."})]}),z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Compliance"}),q("p",{className:"text-muted-foreground",children:"Many regulations (GDPR, HIPAA, SOC 2, PCI DSS) require organizations to maintain audit logs. These logs must be tamper-evident, retained for a specified period, and available for inspection by auditors."})]}),z("div",{children:[q("h3",{className:"font-semibold text-lg",children:"Debugging"}),q("p",{className:"text-muted-foreground",children:"When something goes wrong in production, audit logs provide a detailed timeline of events leading up to the failure. This makes it much easier to diagnose and fix issues."})]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"What ContractSpec logs"}),q("p",{className:"text-muted-foreground",children:"ContractSpec automatically logs every significant operation, including:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"API calls"})," \u2013 Every invocation of a capability, including inputs, outputs, and the user who made the call."]}),z("li",{children:[q("strong",{children:"Policy decisions"})," \u2013 Every decision made by the"," ",q(E,{href:"/docs/safety/pdp",className:"text-violet-400 hover:text-violet-300",children:"Policy Decision Point"}),", including the rule that matched and the reason for the decision."]}),z("li",{children:[q("strong",{children:"Data access"})," \u2013 Every query to a data view, including which fields were accessed and whether any were redacted."]}),z("li",{children:[q("strong",{children:"Workflow execution"})," \u2013 Every step in a workflow, including retries, compensations, and failures."]}),z("li",{children:[q("strong",{children:"Administrative actions"})," \u2013 Spec deployments, configuration changes, user role assignments, and other privileged operations."]}),z("li",{children:[q("strong",{children:"Authentication events"})," \u2013 Login attempts, password resets, and session expirations."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Audit log format"}),q("p",{className:"text-muted-foreground",children:"Each audit log entry is a structured JSON object containing:"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`{
   "timestamp": "2025-11-13T14:32:15.123Z",
   "eventId": "evt_abc123",
   "eventType": "capability.invoked",
@@ -30,4 +30,4 @@ import A from"@contractspec/lib.ui-link";import{ChevronRight as B}from"lucide-re
     "ruleId": "allow-admin-transfers",
     "reason": "User has admin role"
   }
-}`})})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Storage and retention"}),q("p",{className:"text-muted-foreground",children:"Audit logs are stored in a tamper-evident append-only log. Once written, entries cannot be modified or deleted. This ensures the integrity of the audit trail."}),q("p",{className:"text-muted-foreground",children:"ContractSpec supports multiple storage backends:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Local file system"})," \u2013 For development and testing."]}),z("li",{children:[q("strong",{children:"Cloud object storage"})," \u2013 S3, GCS, or Azure Blob Storage for production."]}),z("li",{children:[q("strong",{children:"SIEM integration"})," \u2013 Forward logs to Splunk, Datadog, or other security information and event management systems."]})]}),q("p",{className:"text-muted-foreground",children:"You can configure retention policies to automatically archive or delete old logs after a specified period (e.g., 7 years for GDPR compliance)."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Querying audit logs"}),q("p",{className:"text-muted-foreground",children:"ContractSpec provides a query API for searching audit logs. You can filter by:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[q("li",{children:"Time range"}),q("li",{children:"Event type"}),q("li",{children:"Actor (user ID, role, IP address)"}),q("li",{children:"Resource (capability, data view, workflow)"}),q("li",{children:"Result (success, failure, denied)"})]}),q("p",{className:"text-muted-foreground",children:'Example query: "Show all failed login attempts from IP address 203.0.113.42 in the last 24 hours."'})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Best practices"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Review logs regularly"})," \u2013 Set up alerts for suspicious activity (e.g., repeated failed login attempts, unauthorized access attempts)."]}),z("li",{children:[q("strong",{children:"Protect log access"})," \u2013 Only authorized personnel should be able to view audit logs. Use role-based access control to restrict access."]}),z("li",{children:[q("strong",{children:"Retain logs long enough"})," \u2013 Check your compliance requirements and configure retention policies accordingly."]}),z("li",{children:[q("strong",{children:"Test log integrity"})," \u2013 Periodically verify that logs have not been tampered with by checking cryptographic signatures."]})]})]}),z("div",{className:"flex items-center gap-4 pt-4",children:[q(A,{href:"/docs/safety/pdp",className:"btn-ghost",children:"Previous: Policy Decision Points"}),z(A,{href:"/docs/safety/migrations",className:"btn-primary",children:["Next: Migrations ",q(B,{size:16})]})]})]})}export{F as SafetyAuditingPage};
+}`})})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Storage and retention"}),q("p",{className:"text-muted-foreground",children:"Audit logs are stored in a tamper-evident append-only log. Once written, entries cannot be modified or deleted. This ensures the integrity of the audit trail."}),q("p",{className:"text-muted-foreground",children:"ContractSpec supports multiple storage backends:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Local file system"})," \u2013 For development and testing."]}),z("li",{children:[q("strong",{children:"Cloud object storage"})," \u2013 S3, GCS, or Azure Blob Storage for production."]}),z("li",{children:[q("strong",{children:"SIEM integration"})," \u2013 Forward logs to Splunk, Datadog, or other security information and event management systems."]})]}),q("p",{className:"text-muted-foreground",children:"You can configure retention policies to automatically archive or delete old logs after a specified period (e.g., 7 years for GDPR compliance)."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Querying audit logs"}),q("p",{className:"text-muted-foreground",children:"ContractSpec provides a query API for searching audit logs. You can filter by:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[q("li",{children:"Time range"}),q("li",{children:"Event type"}),q("li",{children:"Actor (user ID, role, IP address)"}),q("li",{children:"Resource (capability, data view, workflow)"}),q("li",{children:"Result (success, failure, denied)"})]}),q("p",{className:"text-muted-foreground",children:'Example query: "Show all failed login attempts from IP address 203.0.113.42 in the last 24 hours."'})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Best practices"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Review logs regularly"})," \u2013 Set up alerts for suspicious activity (e.g., repeated failed login attempts, unauthorized access attempts)."]}),z("li",{children:[q("strong",{children:"Protect log access"})," \u2013 Only authorized personnel should be able to view audit logs. Use role-based access control to restrict access."]}),z("li",{children:[q("strong",{children:"Retain logs long enough"})," \u2013 Check your compliance requirements and configure retention policies accordingly."]}),z("li",{children:[q("strong",{children:"Test log integrity"})," \u2013 Periodically verify that logs have not been tampered with by checking cryptographic signatures."]})]})]}),z("div",{className:"flex items-center gap-4 pt-4",children:[q(E,{href:"/docs/safety/pdp",className:"btn-ghost",children:"Previous: Policy Decision Points"}),z(E,{href:"/docs/safety/migrations",className:"btn-primary",children:["Next: Migrations ",q(I,{size:16})]})]})]})}export{P as SafetyAuditingPage};

package/dist/components/docs/safety/SafetyMigrationsPage.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-import A from"@contractspec/lib.ui-link";import{ChevronRight as B}from"lucide-react";import{jsx as q,jsxs as z}from"react/jsx-runtime";function F(){return z("div",{className:"space-y-8",children:[z("div",{className:"space-y-4",children:[q("h1",{className:"font-bold text-4xl",children:"Migrations"}),z("p",{className:"text-muted-foreground",children:["A ",q("strong",{children:"schema migration"})," (also called a database migration) is a set of incremental, reversible changes to a database schema. According to"," ",q("a",{href:"https://en.wikipedia.org/wiki/Schema_migration",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Wikipedia"}),`, schema migrations "allow the database schema to evolve as the application's requirements change, while preserving existing data."`]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Why migrations matter"}),q("p",{className:"text-muted-foreground",children:"As your application evolves, you'll need to change your data model\u2014adding new fields, renaming tables, changing data types, or restructuring relationships. Without a disciplined approach, these changes can lead to:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[q("li",{children:"Data loss or corruption"}),q("li",{children:"Downtime during deployments"}),q("li",{children:"Inconsistencies between environments (dev, staging, production)"}),q("li",{children:"Difficulty rolling back failed changes"})]}),q("p",{className:"text-muted-foreground",children:"Migrations solve these problems by treating schema changes as versioned, tested, and reversible operations."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"How MigrationSpec works"}),z("p",{className:"text-muted-foreground",children:["In ContractSpec, migrations are defined using"," ",q("strong",{children:"MigrationSpec"}),". Each migration has:"]}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Version"}),' \u2013 A unique identifier (e.g., "2025-11-13-001") that determines the order of execution.']}),z("li",{children:[q("strong",{children:"Up function"}),` \u2013 The forward migration that applies the change (e.g., "add column 'email_verified'").`]}),z("li",{children:[q("strong",{children:"Down function"}),` \u2013 The reverse migration that undoes the change (e.g., "drop column 'email_verified'").`]}),z("li",{children:[q("strong",{children:"Dependencies"})," \u2013 Other migrations that must run before this one."]}),z("li",{children:[q("strong",{children:"Validation"}),' \u2013 Optional checks to ensure the migration succeeded (e.g., "verify all users have an email address").']})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Example MigrationSpec"}),q("p",{className:"text-muted-foreground",children:"Here's a migration that adds an email verification field to the users table:"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`migrationId: add-email-verified
+var F=Object.defineProperty;var G=(A)=>A;function H(A,B){this[A]=G.bind(null,B)}var J=(A,B)=>{for(var D in B)F(A,D,{get:B[D],enumerable:!0,configurable:!0,set:H.bind(B,D)})};var K=(A,B)=>()=>(A&&(B=A(A=0)),B);import E from"@contractspec/lib.ui-link";import{ChevronRight as I}from"lucide-react";import{jsx as q,jsxs as z}from"react/jsx-runtime";function Q(){return z("div",{className:"space-y-8",children:[z("div",{className:"space-y-4",children:[q("h1",{className:"font-bold text-4xl",children:"Migrations"}),z("p",{className:"text-muted-foreground",children:["A ",q("strong",{children:"schema migration"})," (also called a database migration) is a set of incremental, reversible changes to a database schema. According to"," ",q("a",{href:"https://en.wikipedia.org/wiki/Schema_migration",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Wikipedia"}),`, schema migrations "allow the database schema to evolve as the application's requirements change, while preserving existing data."`]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Why migrations matter"}),q("p",{className:"text-muted-foreground",children:"As your application evolves, you'll need to change your data model\u2014adding new fields, renaming tables, changing data types, or restructuring relationships. Without a disciplined approach, these changes can lead to:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[q("li",{children:"Data loss or corruption"}),q("li",{children:"Downtime during deployments"}),q("li",{children:"Inconsistencies between environments (dev, staging, production)"}),q("li",{children:"Difficulty rolling back failed changes"})]}),q("p",{className:"text-muted-foreground",children:"Migrations solve these problems by treating schema changes as versioned, tested, and reversible operations."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"How MigrationSpec works"}),z("p",{className:"text-muted-foreground",children:["In ContractSpec, migrations are defined using"," ",q("strong",{children:"MigrationSpec"}),". Each migration has:"]}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Version"}),' \u2013 A unique identifier (e.g., "2025-11-13-001") that determines the order of execution.']}),z("li",{children:[q("strong",{children:"Up function"}),` \u2013 The forward migration that applies the change (e.g., "add column 'email_verified'").`]}),z("li",{children:[q("strong",{children:"Down function"}),` \u2013 The reverse migration that undoes the change (e.g., "drop column 'email_verified'").`]}),z("li",{children:[q("strong",{children:"Dependencies"})," \u2013 Other migrations that must run before this one."]}),z("li",{children:[q("strong",{children:"Validation"}),' \u2013 Optional checks to ensure the migration succeeded (e.g., "verify all users have an email address").']})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Example MigrationSpec"}),q("p",{className:"text-muted-foreground",children:"Here's a migration that adds an email verification field to the users table:"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`migrationId: add-email-verified
 version: 2025-11-13-001
 dependencies: []
@@ -22,4 +22,4 @@ validation:
   - sql: |
       SELECT COUNT(*) FROM users
       WHERE email_verified IS NULL;
-    expectZeroRows: true`})})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Running migrations"}),q("p",{className:"text-muted-foreground",children:"Migrations are applied automatically during deployment. The ContractSpec runtime:"}),z("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[q("li",{children:"Checks which migrations have already been applied (stored in a migrations table)."}),q("li",{children:"Identifies new migrations that need to run."}),q("li",{children:"Executes them in order, respecting dependencies."}),q("li",{children:"Runs validation checks to ensure success."}),q("li",{children:"Records the migration as applied."})]}),q("p",{className:"text-muted-foreground",children:"If a migration fails, the deployment is aborted, and the system remains in its previous state. You can then fix the migration and redeploy."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Rolling back migrations"}),z("p",{className:"text-muted-foreground",children:["If you need to roll back a deployment, ContractSpec automatically runs the ",q("strong",{children:"down"})," functions of any migrations that were applied. This restores the database to its previous state."]}),q("p",{className:"text-muted-foreground",children:"Note that rollbacks are not always possible\u2014for example, if you've deleted a column, you cannot recover the data unless you have a backup. For destructive changes, it's best to use a multi-step migration:"}),z("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[q("li",{children:"Add the new column (reversible)."}),q("li",{children:"Backfill data from the old column to the new column (reversible)."}),q("li",{children:"Update application code to use the new column (reversible)."}),q("li",{children:"Drop the old column (irreversible\u2014only do this after confirming the new column works)."})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Best practices"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Test migrations locally"})," \u2013 Run them against a copy of production data to catch issues before deploying."]}),z("li",{children:[q("strong",{children:"Keep migrations small"})," \u2013 Each migration should do one thing. This makes them easier to understand and roll back."]}),z("li",{children:[q("strong",{children:"Write reversible migrations"})," \u2013 Always provide a down function, even if you don't plan to roll back."]}),z("li",{children:[q("strong",{children:"Use transactions"})," \u2013 Wrap migrations in database transactions so they either fully succeed or fully fail."]}),z("li",{children:[q("strong",{children:"Avoid destructive changes"})," \u2013 Prefer additive changes (adding columns) over destructive ones (dropping columns). If you must delete data, archive it first."]}),z("li",{children:[q("strong",{children:"Version your migrations"})," \u2013 Use timestamps or sequential numbers to ensure migrations run in the correct order."]}),z("li",{children:[q("strong",{children:"Document breaking changes"})," \u2013 If a migration requires application code changes, note this in the migration description."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Zero-downtime migrations"}),q("p",{className:"text-muted-foreground",children:"Some migrations can cause downtime if not handled carefully. For example, adding a NOT NULL column to a large table can lock the table for minutes. To avoid this, use a multi-step approach:"}),z("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[q("li",{children:"Add the column as nullable."}),q("li",{children:"Backfill the column in batches (without locking the table)."}),q("li",{children:"Add the NOT NULL constraint once all rows are populated."})]}),q("p",{className:"text-muted-foreground",children:"ContractSpec's migration system supports this pattern by allowing you to split a logical change into multiple versioned migrations."})]}),z("div",{className:"flex items-center gap-4 pt-4",children:[q(A,{href:"/docs/safety/auditing",className:"btn-ghost",children:"Previous: Audit Logs"}),z(A,{href:"/docs/advanced/renderers",className:"btn-primary",children:["Next: Advanced Topics ",q(B,{size:16})]})]})]})}export{F as SafetyMigrationsPage};
+    expectZeroRows: true`})})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Running migrations"}),q("p",{className:"text-muted-foreground",children:"Migrations are applied automatically during deployment. The ContractSpec runtime:"}),z("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[q("li",{children:"Checks which migrations have already been applied (stored in a migrations table)."}),q("li",{children:"Identifies new migrations that need to run."}),q("li",{children:"Executes them in order, respecting dependencies."}),q("li",{children:"Runs validation checks to ensure success."}),q("li",{children:"Records the migration as applied."})]}),q("p",{className:"text-muted-foreground",children:"If a migration fails, the deployment is aborted, and the system remains in its previous state. You can then fix the migration and redeploy."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Rolling back migrations"}),z("p",{className:"text-muted-foreground",children:["If you need to roll back a deployment, ContractSpec automatically runs the ",q("strong",{children:"down"})," functions of any migrations that were applied. This restores the database to its previous state."]}),q("p",{className:"text-muted-foreground",children:"Note that rollbacks are not always possible\u2014for example, if you've deleted a column, you cannot recover the data unless you have a backup. For destructive changes, it's best to use a multi-step migration:"}),z("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[q("li",{children:"Add the new column (reversible)."}),q("li",{children:"Backfill data from the old column to the new column (reversible)."}),q("li",{children:"Update application code to use the new column (reversible)."}),q("li",{children:"Drop the old column (irreversible\u2014only do this after confirming the new column works)."})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Best practices"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Test migrations locally"})," \u2013 Run them against a copy of production data to catch issues before deploying."]}),z("li",{children:[q("strong",{children:"Keep migrations small"})," \u2013 Each migration should do one thing. This makes them easier to understand and roll back."]}),z("li",{children:[q("strong",{children:"Write reversible migrations"})," \u2013 Always provide a down function, even if you don't plan to roll back."]}),z("li",{children:[q("strong",{children:"Use transactions"})," \u2013 Wrap migrations in database transactions so they either fully succeed or fully fail."]}),z("li",{children:[q("strong",{children:"Avoid destructive changes"})," \u2013 Prefer additive changes (adding columns) over destructive ones (dropping columns). If you must delete data, archive it first."]}),z("li",{children:[q("strong",{children:"Version your migrations"})," \u2013 Use timestamps or sequential numbers to ensure migrations run in the correct order."]}),z("li",{children:[q("strong",{children:"Document breaking changes"})," \u2013 If a migration requires application code changes, note this in the migration description."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Zero-downtime migrations"}),q("p",{className:"text-muted-foreground",children:"Some migrations can cause downtime if not handled carefully. For example, adding a NOT NULL column to a large table can lock the table for minutes. To avoid this, use a multi-step approach:"}),z("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[q("li",{children:"Add the column as nullable."}),q("li",{children:"Backfill the column in batches (without locking the table)."}),q("li",{children:"Add the NOT NULL constraint once all rows are populated."})]}),q("p",{className:"text-muted-foreground",children:"ContractSpec's migration system supports this pattern by allowing you to split a logical change into multiple versioned migrations."})]}),z("div",{className:"flex items-center gap-4 pt-4",children:[q(E,{href:"/docs/safety/auditing",className:"btn-ghost",children:"Previous: Audit Logs"}),z(E,{href:"/docs/advanced/renderers",className:"btn-primary",children:["Next: Advanced Topics ",q(I,{size:16})]})]})]})}export{Q as SafetyMigrationsPage};

package/dist/components/docs/safety/SafetyOverviewPage.js CHANGED Viewed

@@ -1,2 +1,2 @@
 // @bun
-import i from"@contractspec/lib.ui-link";import{jsx as e,jsxs as t}from"react/jsx-runtime";var s=[{title:"Spec signing",body:"Protect the integrity of what gets deployed and make changes verifiable.",href:"/docs/safety/signing"},{title:"Policy decision points",body:"Apply governance consistently across operations, data access, and generated surfaces.",href:"/docs/safety/pdp"},{title:"Audit trails",body:"Record operational and policy decisions with enough context to inspect and explain them later.",href:"/docs/safety/auditing"},{title:"Migrations",body:"Evolve data and schema boundaries without losing control of the system.",href:"/docs/safety/migrations"},{title:"Tenant isolation",body:"Keep configuration, access rules, and sensitive data bounded by tenant.",href:"/docs/safety/tenant-isolation"},{title:"Security and trust",body:"Understand the trust model, release process, and security expectations around the OSS system.",href:"/docs/safety/security-trust"}];function o(){return t("div",{className:"space-y-10",children:[t("div",{className:"space-y-3",children:[e("p",{className:"editorial-kicker",children:"Operate"}),e("h1",{className:"font-serif text-4xl tracking-[-0.04em] md:text-5xl",children:"Safety is part of the system model, not an afterthought."}),e("p",{className:"max-w-3xl text-lg text-muted-foreground leading-8",children:"ContractSpec is meant to survive real change: new generated surfaces, policy updates, migrations, integration churn, and operator handoffs. The safety layer makes those changes inspectable, reversible, and governed."})]}),t("div",{className:"editorial-proof-strip",children:[t("div",{className:"editorial-stat",children:[e("span",{className:"editorial-label",children:"Operating rule"}),e("span",{className:"editorial-stat-value",children:"explicit change beats hidden mutation"})]}),e("p",{className:"max-w-2xl text-muted-foreground text-sm leading-7",children:"Use policies, signing, audit trails, and migrations to keep the system legible even as AI-assisted workflows accelerate change volume."})]}),e("div",{className:"grid gap-4 md:grid-cols-2",children:s.map((a)=>t(i,{href:a.href,className:"editorial-panel",children:[e("h2",{className:"font-semibold text-xl",children:a.title}),e("p",{className:"mt-2 text-muted-foreground text-sm leading-7",children:a.body})]},a.href))})]})}export{o as SafetyOverviewPage};
+var n=Object.defineProperty;var o=(e)=>e;function r(e,a){this[e]=o.bind(null,a)}var c=(e,a)=>{for(var s in a)n(e,s,{get:a[s],enumerable:!0,configurable:!0,set:r.bind(a,s)})};var m=(e,a)=>()=>(e&&(a=e(e=0)),a);import d from"@contractspec/lib.ui-link";import{jsx as t,jsxs as i}from"react/jsx-runtime";var l=[{title:"Spec signing",body:"Protect the integrity of what gets deployed and make changes verifiable.",href:"/docs/safety/signing"},{title:"Policy decision points",body:"Apply governance consistently across operations, data access, and generated surfaces.",href:"/docs/safety/pdp"},{title:"Audit trails",body:"Record operational and policy decisions with enough context to inspect and explain them later.",href:"/docs/safety/auditing"},{title:"Migrations",body:"Evolve data and schema boundaries without losing control of the system.",href:"/docs/safety/migrations"},{title:"Tenant isolation",body:"Keep configuration, access rules, and sensitive data bounded by tenant.",href:"/docs/safety/tenant-isolation"},{title:"Security and trust",body:"Understand the trust model, release process, and security expectations around the OSS system.",href:"/docs/safety/security-trust"}];function g(){return i("div",{className:"space-y-10",children:[i("div",{className:"space-y-3",children:[t("p",{className:"editorial-kicker",children:"Operate"}),t("h1",{className:"font-serif text-4xl tracking-[-0.04em] md:text-5xl",children:"Safety is part of the system model, not an afterthought."}),t("p",{className:"max-w-3xl text-lg text-muted-foreground leading-8",children:"ContractSpec is meant to survive real change: new generated surfaces, policy updates, migrations, integration churn, and operator handoffs. The safety layer makes those changes inspectable, reversible, and governed."})]}),i("div",{className:"editorial-proof-strip",children:[i("div",{className:"editorial-stat",children:[t("span",{className:"editorial-label",children:"Operating rule"}),t("span",{className:"editorial-stat-value",children:"explicit change beats hidden mutation"})]}),t("p",{className:"max-w-2xl text-muted-foreground text-sm leading-7",children:"Use policies, signing, audit trails, and migrations to keep the system legible even as AI-assisted workflows accelerate change volume."})]}),t("div",{className:"grid gap-4 md:grid-cols-2",children:l.map((e)=>i(d,{href:e.href,className:"editorial-panel",children:[t("h2",{className:"font-semibold text-xl",children:e.title}),t("p",{className:"mt-2 text-muted-foreground text-sm leading-7",children:e.body})]},e.href))})]})}export{g as SafetyOverviewPage};

package/dist/components/docs/safety/SafetyPDPPage.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-import A from"@contractspec/lib.ui-link";import{ChevronRight as B}from"lucide-react";import{jsx as q,jsxs as z}from"react/jsx-runtime";function G(){return z("div",{className:"space-y-8",children:[z("div",{className:"space-y-4",children:[q("h1",{className:"font-bold text-4xl",children:"Policy Decision Points"}),z("p",{className:"text-muted-foreground",children:["A ",q("strong",{children:"Policy Decision Point (PDP)"})," is a centralized component that evaluates access control policies and makes authorization decisions. According to"," ",q("a",{href:"https://www.strongdm.com/blog/policy-decision-point",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"StrongDM"}),', the PDP "receives requests for access to resources, evaluates them against policies, and returns a decision (permit or deny)."']})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"How the PDP works in ContractSpec"}),q("p",{className:"text-muted-foreground",children:"In ContractSpec, the PDP is invoked on every operation\u2014whether it's rendering a UI component, executing a capability, or querying a data view. The flow is:"}),z("ol",{className:"list-inside list-decimal space-y-3 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Request evaluation"})," \u2013 The runtime sends a request to the PDP containing:",z("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[q("li",{children:"The user's identity and attributes (roles, groups, location, etc.)"}),q("li",{children:"The resource being accessed (capability, field, workflow step)"}),q("li",{children:"The action being performed (read, write, execute)"}),q("li",{children:"Contextual information (time of day, device type, IP address)"})]})]}),z("li",{children:[q("strong",{children:"Policy evaluation"})," \u2013 The PDP evaluates the request against all applicable ",q("strong",{children:"PolicySpecs"}),". These specs define rules using attribute-based access control (ABAC) and can reference:",z("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[q("li",{children:`User attributes (e.g., "role == 'admin'")`}),q("li",{children:`Resource attributes (e.g., "field.sensitivity == 'PII'")`}),q("li",{children:'Environmental attributes (e.g., "time.hour >= 9 AND time.hour < 17")'})]})]}),z("li",{children:[q("strong",{children:"Decision return"})," \u2013 The PDP returns one of:",z("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[z("li",{children:[q("code",{className:"rounded bg-background/50 px-2 py-1",children:"PERMIT"})," ","\u2013 The operation is allowed."]}),z("li",{children:[q("code",{className:"rounded bg-background/50 px-2 py-1",children:"DENY"})," ","\u2013 The operation is blocked."]}),z("li",{children:[q("code",{className:"rounded bg-background/50 px-2 py-1",children:"REDACT"})," ","\u2013 The operation is allowed, but sensitive fields are masked."]})]})]}),z("li",{children:[q("strong",{children:"Enforcement"})," \u2013 The runtime enforces the decision. If denied, the operation fails with a clear error message. If redacted, sensitive fields are replaced with placeholders."]}),z("li",{children:[q("strong",{children:"Auditing"})," \u2013 Every PDP decision is logged to the"," ",q(A,{href:"/docs/safety/auditing",className:"text-violet-400 hover:text-violet-300",children:"audit log"}),", including the request, decision, and reasoning."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Example PolicySpec"}),q("p",{className:"text-muted-foreground",children:"Here's a simple policy that restricts access to PII fields:"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`policyId: pii-access-control
+var G=Object.defineProperty;var H=(A)=>A;function I(A,B){this[A]=H.bind(null,B)}var K=(A,B)=>{for(var E in B)G(A,E,{get:B[E],enumerable:!0,configurable:!0,set:I.bind(B,E)})};var M=(A,B)=>()=>(A&&(B=A(A=0)),B);import F from"@contractspec/lib.ui-link";import{ChevronRight as J}from"lucide-react";import{jsx as q,jsxs as z}from"react/jsx-runtime";function T(){return z("div",{className:"space-y-8",children:[z("div",{className:"space-y-4",children:[q("h1",{className:"font-bold text-4xl",children:"Policy Decision Points"}),z("p",{className:"text-muted-foreground",children:["A ",q("strong",{children:"Policy Decision Point (PDP)"})," is a centralized component that evaluates access control policies and makes authorization decisions. According to"," ",q("a",{href:"https://www.strongdm.com/blog/policy-decision-point",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"StrongDM"}),', the PDP "receives requests for access to resources, evaluates them against policies, and returns a decision (permit or deny)."']})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"How the PDP works in ContractSpec"}),q("p",{className:"text-muted-foreground",children:"In ContractSpec, the PDP is invoked on every operation\u2014whether it's rendering a UI component, executing a capability, or querying a data view. The flow is:"}),z("ol",{className:"list-inside list-decimal space-y-3 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Request evaluation"})," \u2013 The runtime sends a request to the PDP containing:",z("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[q("li",{children:"The user's identity and attributes (roles, groups, location, etc.)"}),q("li",{children:"The resource being accessed (capability, field, workflow step)"}),q("li",{children:"The action being performed (read, write, execute)"}),q("li",{children:"Contextual information (time of day, device type, IP address)"})]})]}),z("li",{children:[q("strong",{children:"Policy evaluation"})," \u2013 The PDP evaluates the request against all applicable ",q("strong",{children:"PolicySpecs"}),". These specs define rules using attribute-based access control (ABAC) and can reference:",z("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[q("li",{children:`User attributes (e.g., "role == 'admin'")`}),q("li",{children:`Resource attributes (e.g., "field.sensitivity == 'PII'")`}),q("li",{children:'Environmental attributes (e.g., "time.hour >= 9 AND time.hour < 17")'})]})]}),z("li",{children:[q("strong",{children:"Decision return"})," \u2013 The PDP returns one of:",z("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[z("li",{children:[q("code",{className:"rounded bg-background/50 px-2 py-1",children:"PERMIT"})," ","\u2013 The operation is allowed."]}),z("li",{children:[q("code",{className:"rounded bg-background/50 px-2 py-1",children:"DENY"})," ","\u2013 The operation is blocked."]}),z("li",{children:[q("code",{className:"rounded bg-background/50 px-2 py-1",children:"REDACT"})," ","\u2013 The operation is allowed, but sensitive fields are masked."]})]})]}),z("li",{children:[q("strong",{children:"Enforcement"})," \u2013 The runtime enforces the decision. If denied, the operation fails with a clear error message. If redacted, sensitive fields are replaced with placeholders."]}),z("li",{children:[q("strong",{children:"Auditing"})," \u2013 Every PDP decision is logged to the"," ",q(F,{href:"/docs/safety/auditing",className:"text-violet-400 hover:text-violet-300",children:"audit log"}),", including the request, decision, and reasoning."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Example PolicySpec"}),q("p",{className:"text-muted-foreground",children:"Here's a simple policy that restricts access to PII fields:"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`policyId: pii-access-control
 version: '1.0.0'.0.0
 rules:
   - id: allow-admin-full-access
@@ -17,4 +17,4 @@ rules:
     effect: DENY
     condition: |
       user.role NOT IN ['admin', 'support'] AND
-      field.sensitivity == 'PII'`})}),q("p",{className:"text-muted-foreground",children:"With this policy, admins see all data, support staff see redacted PII, and other users cannot access PII at all."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Benefits of centralized decision-making"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Consistency"})," \u2013 Policies are enforced uniformly across all surfaces (API, UI, workflows)."]}),z("li",{children:[q("strong",{children:"Auditability"})," \u2013 Every decision is logged, making it easy to trace why access was granted or denied."]}),z("li",{children:[q("strong",{children:"Flexibility"})," \u2013 Policies can be updated without changing application code."]}),z("li",{children:[q("strong",{children:"Security"})," \u2013 Reduces the risk of authorization bugs by removing ad-hoc checks scattered throughout the codebase."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Performance considerations"}),q("p",{className:"text-muted-foreground",children:"Because the PDP is invoked on every operation, performance is critical. ContractSpec optimizes this by:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[q("li",{children:"Caching policy decisions for identical requests"}),q("li",{children:"Compiling policies into efficient bytecode"}),q("li",{children:"Evaluating only the minimal set of rules needed for each request"}),q("li",{children:"Running the PDP in-process to avoid network latency"})]}),q("p",{className:"text-muted-foreground",children:"In practice, PDP overhead is typically less than 1ms per request."})]}),z("div",{className:"flex items-center gap-4 pt-4",children:[q(A,{href:"/docs/safety/signing",className:"btn-ghost",children:"Previous: Spec Signing"}),z(A,{href:"/docs/safety/auditing",className:"btn-primary",children:["Next: Audit Logs ",q(B,{size:16})]})]})]})}export{G as SafetyPDPPage};
+      field.sensitivity == 'PII'`})}),q("p",{className:"text-muted-foreground",children:"With this policy, admins see all data, support staff see redacted PII, and other users cannot access PII at all."})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Benefits of centralized decision-making"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[z("li",{children:[q("strong",{children:"Consistency"})," \u2013 Policies are enforced uniformly across all surfaces (API, UI, workflows)."]}),z("li",{children:[q("strong",{children:"Auditability"})," \u2013 Every decision is logged, making it easy to trace why access was granted or denied."]}),z("li",{children:[q("strong",{children:"Flexibility"})," \u2013 Policies can be updated without changing application code."]}),z("li",{children:[q("strong",{children:"Security"})," \u2013 Reduces the risk of authorization bugs by removing ad-hoc checks scattered throughout the codebase."]})]})]}),z("div",{className:"space-y-4",children:[q("h2",{className:"font-bold text-2xl",children:"Performance considerations"}),q("p",{className:"text-muted-foreground",children:"Because the PDP is invoked on every operation, performance is critical. ContractSpec optimizes this by:"}),z("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[q("li",{children:"Caching policy decisions for identical requests"}),q("li",{children:"Compiling policies into efficient bytecode"}),q("li",{children:"Evaluating only the minimal set of rules needed for each request"}),q("li",{children:"Running the PDP in-process to avoid network latency"})]}),q("p",{className:"text-muted-foreground",children:"In practice, PDP overhead is typically less than 1ms per request."})]}),z("div",{className:"flex items-center gap-4 pt-4",children:[q(F,{href:"/docs/safety/signing",className:"btn-ghost",children:"Previous: Spec Signing"}),z(F,{href:"/docs/safety/auditing",className:"btn-primary",children:["Next: Audit Logs ",q(J,{size:16})]})]})]})}export{T as SafetyPDPPage};

package/dist/components/docs/safety/SafetySecurityTrustPage.js CHANGED Viewed

@@ -1,2 +1,2 @@
 // @bun
-import a from"@contractspec/lib.ui-link";import{ChevronRight as i}from"lucide-react";import{jsx as e,jsxs as t}from"react/jsx-runtime";function s(){return t("div",{className:"space-y-8",children:[t("div",{className:"space-y-4",children:[e("h1",{className:"font-bold text-4xl",children:"Security & Trust"}),e("p",{className:"text-muted-foreground",children:"ContractSpec focuses on deterministic, auditable software delivery. This page summarizes our security posture and trust commitments so teams can adopt with clarity."})]}),t("div",{className:"card-subtle space-y-4 p-6",children:[e("h2",{className:"font-bold text-2xl",children:"Security policy"}),e("p",{className:"text-muted-foreground text-sm",children:"We publish a dedicated security policy that explains how to report vulnerabilities and how we respond."}),t(a,{href:"/SECURITY.md",className:"btn-primary",children:["Read the security policy ",e(i,{size:16})]})]}),t("div",{className:"grid gap-4 md:grid-cols-2",children:[t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Release hygiene"}),e("p",{className:"text-muted-foreground text-sm",children:"We ship with deterministic CI, changesets, and contract validation so teams can trust every release."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Changesets required for published packages."}),e("li",{children:"CI gate for contract validation and drift detection."}),e("li",{children:"Rollback-friendly release process."})]})]}),t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Data handling"}),e("p",{className:"text-muted-foreground text-sm",children:"ContractSpec promotes strict data classification and policy-driven access. Specs can tag sensitive fields for enforcement."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Schema-level sensitivity tags."}),e("li",{children:"Policy Decision Point enforcement."}),e("li",{children:"Audit logs for operational traceability."})]})]})]}),t("div",{className:"grid gap-4 md:grid-cols-2",children:[t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Supply chain"}),e("p",{className:"text-muted-foreground text-sm",children:"We track dependency updates and keep the monorepo build reproducible."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Dependabot + Renovate-style updates where available."}),e("li",{children:"Signed release artifacts planned for Studio release cycles."}),e("li",{children:"Transparent changelogs for every package."})]})]}),t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Responsible disclosure"}),e("p",{className:"text-muted-foreground text-sm",children:"We respond quickly to security reports and coordinate fixes before public disclosure."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Security response within 5 business days."}),e("li",{children:"Private disclosure via security@contractspec.io."}),e("li",{children:"Credit for researchers (with permission)."})]})]})]}),t("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Next steps"}),e("p",{className:"text-muted-foreground",children:"Explore the broader safety controls or read the roadmap to see upcoming trust investments."}),t("div",{className:"flex flex-wrap gap-4 pt-4",children:[t(a,{href:"/docs/safety",className:"btn-ghost",children:["Safety overview ",e(i,{size:16})]}),t(a,{href:"/ROADMAP.md",className:"btn-ghost",children:["Roadmap ",e(i,{size:16})]})]})]})]})}export{s as SafetySecurityTrustPage};
+var o=Object.defineProperty;var c=(a)=>a;function d(a,i){this[a]=c.bind(null,i)}var n=(a,i)=>{for(var l in i)o(a,l,{get:i[l],enumerable:!0,configurable:!0,set:d.bind(i,l)})};var p=(a,i)=>()=>(a&&(i=a(a=0)),i);import r from"@contractspec/lib.ui-link";import{ChevronRight as s}from"lucide-react";import{jsx as e,jsxs as t}from"react/jsx-runtime";function h(){return t("div",{className:"space-y-8",children:[t("div",{className:"space-y-4",children:[e("h1",{className:"font-bold text-4xl",children:"Security & Trust"}),e("p",{className:"text-muted-foreground",children:"ContractSpec focuses on deterministic, auditable software delivery. This page summarizes our security posture and trust commitments so teams can adopt with clarity."})]}),t("div",{className:"card-subtle space-y-4 p-6",children:[e("h2",{className:"font-bold text-2xl",children:"Security policy"}),e("p",{className:"text-muted-foreground text-sm",children:"We publish a dedicated security policy that explains how to report vulnerabilities and how we respond."}),t(r,{href:"/SECURITY.md",className:"btn-primary",children:["Read the security policy ",e(s,{size:16})]})]}),t("div",{className:"grid gap-4 md:grid-cols-2",children:[t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Release hygiene"}),e("p",{className:"text-muted-foreground text-sm",children:"We ship with deterministic CI, changesets, and contract validation so teams can trust every release."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Changesets required for published packages."}),e("li",{children:"CI gate for contract validation and drift detection."}),e("li",{children:"Rollback-friendly release process."})]})]}),t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Data handling"}),e("p",{className:"text-muted-foreground text-sm",children:"ContractSpec promotes strict data classification and policy-driven access. Specs can tag sensitive fields for enforcement."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Schema-level sensitivity tags."}),e("li",{children:"Policy Decision Point enforcement."}),e("li",{children:"Audit logs for operational traceability."})]})]})]}),t("div",{className:"grid gap-4 md:grid-cols-2",children:[t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Supply chain"}),e("p",{className:"text-muted-foreground text-sm",children:"We track dependency updates and keep the monorepo build reproducible."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Dependabot + Renovate-style updates where available."}),e("li",{children:"Signed release artifacts planned for Studio release cycles."}),e("li",{children:"Transparent changelogs for every package."})]})]}),t("div",{className:"card-subtle space-y-3 p-6",children:[e("h3",{className:"font-semibold text-lg",children:"Responsible disclosure"}),e("p",{className:"text-muted-foreground text-sm",children:"We respond quickly to security reports and coordinate fixes before public disclosure."}),t("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[e("li",{children:"Security response within 5 business days."}),e("li",{children:"Private disclosure via security@contractspec.io."}),e("li",{children:"Credit for researchers (with permission)."})]})]})]}),t("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Next steps"}),e("p",{className:"text-muted-foreground",children:"Explore the broader safety controls or read the roadmap to see upcoming trust investments."}),t("div",{className:"flex flex-wrap gap-4 pt-4",children:[t(r,{href:"/docs/safety",className:"btn-ghost",children:["Safety overview ",e(s,{size:16})]}),t(r,{href:"/ROADMAP.md",className:"btn-ghost",children:["Roadmap ",e(s,{size:16})]})]})]})]})}export{h as SafetySecurityTrustPage};

package/dist/components/docs/safety/SafetySigningPage.js CHANGED Viewed

@@ -1,6 +1,6 @@
 // @bun
-import z from"@contractspec/lib.ui-link";import{ChevronRight as A}from"lucide-react";import{jsx as f,jsxs as q}from"react/jsx-runtime";function E(){return q("div",{className:"space-y-8",children:[q("div",{className:"space-y-2",children:[f("h1",{className:"font-bold text-4xl",children:"Spec Signing"}),f("p",{className:"text-lg text-muted-foreground",children:"Signing ensures specs haven't been tampered with and provides an audit trail of all changes."})]}),q("div",{className:"space-y-6",children:[q("div",{className:"space-y-3",children:[f("h2",{className:"font-bold text-2xl",children:"How it works"}),f("p",{className:"text-muted-foreground",children:"Every spec is cryptographically signed before deployment. The signature proves that the spec hasn't been modified since it was signed and creates a permanent record of who deployed it and when."})]}),q("div",{className:"space-y-3",children:[f("h2",{className:"font-bold text-2xl",children:"Signing a spec"}),f("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:f("pre",{children:`contractspec sign app.spec.ts --key ~/.contractspec/key.pem
-contractspec deploy --signed app.spec.ts.signed`})})]}),q("div",{className:"space-y-3",children:[f("h2",{className:"font-bold text-2xl",children:"Verifying signatures"}),f("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:f("pre",{children:`contractspec verify app.spec.ts.signed
+var D=Object.defineProperty;var E=(q)=>q;function F(q,z){this[q]=E.bind(null,z)}var I=(q,z)=>{for(var B in z)D(q,B,{get:z[B],enumerable:!0,configurable:!0,set:F.bind(z,B)})};var J=(q,z)=>()=>(q&&(z=q(q=0)),z);import G from"@contractspec/lib.ui-link";import{ChevronRight as H}from"lucide-react";import{jsx as f,jsxs as A}from"react/jsx-runtime";function O(){return A("div",{className:"space-y-8",children:[A("div",{className:"space-y-2",children:[f("h1",{className:"font-bold text-4xl",children:"Spec Signing"}),f("p",{className:"text-lg text-muted-foreground",children:"Signing ensures specs haven't been tampered with and provides an audit trail of all changes."})]}),A("div",{className:"space-y-6",children:[A("div",{className:"space-y-3",children:[f("h2",{className:"font-bold text-2xl",children:"How it works"}),f("p",{className:"text-muted-foreground",children:"Every spec is cryptographically signed before deployment. The signature proves that the spec hasn't been modified since it was signed and creates a permanent record of who deployed it and when."})]}),A("div",{className:"space-y-3",children:[f("h2",{className:"font-bold text-2xl",children:"Signing a spec"}),f("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:f("pre",{children:`contractspec sign app.spec.ts --key ~/.contractspec/key.pem
+contractspec deploy --signed app.spec.ts.signed`})})]}),A("div",{className:"space-y-3",children:[f("h2",{className:"font-bold text-2xl",children:"Verifying signatures"}),f("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:f("pre",{children:`contractspec verify app.spec.ts.signed
 # Output: \u2713 Signature valid
 # Signed by: alice@example.com
-# Timestamp: 2024-11-08T10:30:00Z`})})]}),f("div",{className:"flex items-center gap-4 pt-4",children:q(z,{href:"/docs/safety/pdp",className:"btn-primary",children:["Next: Policy Decision Points ",f(A,{size:16})]})})]})]})}export{E as SafetySigningPage};
+# Timestamp: 2024-11-08T10:30:00Z`})})]}),f("div",{className:"flex items-center gap-4 pt-4",children:A(G,{href:"/docs/safety/pdp",className:"btn-primary",children:["Next: Policy Decision Points ",f(H,{size:16})]})})]})]})}export{O as SafetySigningPage};

package/dist/components/docs/safety/SafetyTenantIsolationPage.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-import{jsx as e,jsxs as t}from"react/jsx-runtime";function a(){return t("div",{className:"space-y-8",children:[t("div",{className:"space-y-4",children:[e("h1",{className:"font-bold text-4xl",children:"Tenant Isolation"}),e("p",{className:"text-lg text-muted-foreground",children:'Preventing cross-tenant data leaks is the #1 security priority for any SaaS. ContractSpec employs "Defense in Depth" to ensure safety.'})]}),t("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Layer 1: RLS Middleware"}),t("p",{children:["The primary defense is the Prisma middleware that rewrites queries to include ",e("code",{children:"WHERE tenantId = ?"}),". This protects against developer error (forgetting to filter)."]})]}),t("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Layer 2: Isolation Validator"}),t("p",{children:["For high-security environments, you can use the"," ",e("code",{children:"IsolationValidator"})," in your test suite to verify that every query generated by your operations actually includes the tenant ID."]}),e("pre",{className:"rounded-lg border bg-muted p-4 text-sm",children:`import { IsolationValidator } from '@contractspec/lib.multi-tenancy/isolation';
+var n=Object.defineProperty;var r=(e)=>e;function s(e,a){this[e]=r.bind(null,a)}var l=(e,a)=>{for(var i in a)n(e,i,{get:a[i],enumerable:!0,configurable:!0,set:s.bind(a,i)})};var d=(e,a)=>()=>(e&&(a=e(e=0)),a);import{jsx as t,jsxs as o}from"react/jsx-runtime";function p(){return o("div",{className:"space-y-8",children:[o("div",{className:"space-y-4",children:[t("h1",{className:"font-bold text-4xl",children:"Tenant Isolation"}),t("p",{className:"text-lg text-muted-foreground",children:'Preventing cross-tenant data leaks is the #1 security priority for any SaaS. ContractSpec employs "Defense in Depth" to ensure safety.'})]}),o("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Layer 1: RLS Middleware"}),o("p",{children:["The primary defense is the Prisma middleware that rewrites queries to include ",t("code",{children:"WHERE tenantId = ?"}),". This protects against developer error (forgetting to filter)."]})]}),o("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Layer 2: Isolation Validator"}),o("p",{children:["For high-security environments, you can use the"," ",t("code",{children:"IsolationValidator"})," in your test suite to verify that every query generated by your operations actually includes the tenant ID."]}),t("pre",{className:"rounded-lg border bg-muted p-4 text-sm",children:`import { IsolationValidator } from '@contractspec/lib.multi-tenancy/isolation';
 test('findUser query is isolated', () => {
   const isValid = IsolationValidator.validateQuery(
@@ -9,4 +9,4 @@ test('findUser query is isolated', () => {
     'tenant-123'
   );
   expect(isValid).toBe(true);
-});`})]}),t("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Layer 3: Policy Engine"}),e("p",{children:"The Policy Decision Point (PDP) verifies that the authenticated user actually belongs to the requested tenant before any operation logic runs."})]})]})}export{a as SafetyTenantIsolationPage};
+});`})]}),o("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Layer 3: Policy Engine"}),t("p",{children:"The Policy Decision Point (PDP) verifies that the authenticated user actually belongs to the requested tenant before any operation logic runs."})]})]})}export{p as SafetyTenantIsolationPage};

package/dist/components/docs/safety/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-import g from"@contractspec/lib.ui-link";import{ChevronRight as S}from"lucide-react";import{jsx as t,jsxs as i}from"react/jsx-runtime";function P(){return i("div",{className:"space-y-8",children:[i("div",{className:"space-y-4",children:[t("h1",{className:"font-bold text-4xl",children:"Audit Logs"}),i("p",{className:"text-muted-foreground",children:["An ",t("strong",{children:"audit log"})," (also called an audit trail) is a chronological record of system activities. According to"," ",t("a",{href:"https://www.sumologic.com/glossary/audit-log/",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Sumo Logic"}),', audit logs "provide a detailed record of events and changes within a system, enabling organizations to track user actions, system changes, and access to sensitive data."']})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Why audit logs matter"}),i("div",{className:"space-y-3",children:[i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Accountability"}),t("p",{className:"text-muted-foreground",children:'Audit logs answer the question "who did what, when?" This is essential for holding users and administrators accountable for their actions. If data is deleted or modified, the audit log shows exactly who made the change.'})]}),i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Security"}),t("p",{className:"text-muted-foreground",children:"Audit logs help detect and investigate security incidents. For example, if an attacker gains unauthorized access, the logs reveal which resources they accessed and what actions they performed. This information is critical for incident response and forensics."})]}),i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Compliance"}),t("p",{className:"text-muted-foreground",children:"Many regulations (GDPR, HIPAA, SOC 2, PCI DSS) require organizations to maintain audit logs. These logs must be tamper-evident, retained for a specified period, and available for inspection by auditors."})]}),i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Debugging"}),t("p",{className:"text-muted-foreground",children:"When something goes wrong in production, audit logs provide a detailed timeline of events leading up to the failure. This makes it much easier to diagnose and fix issues."})]})]})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"What ContractSpec logs"}),t("p",{className:"text-muted-foreground",children:"ContractSpec automatically logs every significant operation, including:"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[i("li",{children:[t("strong",{children:"API calls"})," \u2013 Every invocation of a capability, including inputs, outputs, and the user who made the call."]}),i("li",{children:[t("strong",{children:"Policy decisions"})," \u2013 Every decision made by the"," ",t(g,{href:"/docs/safety/pdp",className:"text-violet-400 hover:text-violet-300",children:"Policy Decision Point"}),", including the rule that matched and the reason for the decision."]}),i("li",{children:[t("strong",{children:"Data access"})," \u2013 Every query to a data view, including which fields were accessed and whether any were redacted."]}),i("li",{children:[t("strong",{children:"Workflow execution"})," \u2013 Every step in a workflow, including retries, compensations, and failures."]}),i("li",{children:[t("strong",{children:"Administrative actions"})," \u2013 Spec deployments, configuration changes, user role assignments, and other privileged operations."]}),i("li",{children:[t("strong",{children:"Authentication events"})," \u2013 Login attempts, password resets, and session expirations."]})]})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Audit log format"}),t("p",{className:"text-muted-foreground",children:"Each audit log entry is a structured JSON object containing:"}),t("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:t("pre",{children:`{
+var w=Object.defineProperty;var T=(n)=>n;function I(n,f){this[n]=T.bind(null,f)}var H=(n,f)=>{for(var h in f)w(n,h,{get:f[h],enumerable:!0,configurable:!0,set:I.bind(f,h)})};var B=(n,f)=>()=>(n&&(f=n(n=0)),f);import v from"@contractspec/lib.ui-link";import{ChevronRight as k}from"lucide-react";import{jsx as t,jsxs as i}from"react/jsx-runtime";function D(){return i("div",{className:"space-y-8",children:[i("div",{className:"space-y-4",children:[t("h1",{className:"font-bold text-4xl",children:"Audit Logs"}),i("p",{className:"text-muted-foreground",children:["An ",t("strong",{children:"audit log"})," (also called an audit trail) is a chronological record of system activities. According to"," ",t("a",{href:"https://www.sumologic.com/glossary/audit-log/",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Sumo Logic"}),', audit logs "provide a detailed record of events and changes within a system, enabling organizations to track user actions, system changes, and access to sensitive data."']})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Why audit logs matter"}),i("div",{className:"space-y-3",children:[i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Accountability"}),t("p",{className:"text-muted-foreground",children:'Audit logs answer the question "who did what, when?" This is essential for holding users and administrators accountable for their actions. If data is deleted or modified, the audit log shows exactly who made the change.'})]}),i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Security"}),t("p",{className:"text-muted-foreground",children:"Audit logs help detect and investigate security incidents. For example, if an attacker gains unauthorized access, the logs reveal which resources they accessed and what actions they performed. This information is critical for incident response and forensics."})]}),i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Compliance"}),t("p",{className:"text-muted-foreground",children:"Many regulations (GDPR, HIPAA, SOC 2, PCI DSS) require organizations to maintain audit logs. These logs must be tamper-evident, retained for a specified period, and available for inspection by auditors."})]}),i("div",{children:[t("h3",{className:"font-semibold text-lg",children:"Debugging"}),t("p",{className:"text-muted-foreground",children:"When something goes wrong in production, audit logs provide a detailed timeline of events leading up to the failure. This makes it much easier to diagnose and fix issues."})]})]})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"What ContractSpec logs"}),t("p",{className:"text-muted-foreground",children:"ContractSpec automatically logs every significant operation, including:"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[i("li",{children:[t("strong",{children:"API calls"})," \u2013 Every invocation of a capability, including inputs, outputs, and the user who made the call."]}),i("li",{children:[t("strong",{children:"Policy decisions"})," \u2013 Every decision made by the"," ",t(v,{href:"/docs/safety/pdp",className:"text-violet-400 hover:text-violet-300",children:"Policy Decision Point"}),", including the rule that matched and the reason for the decision."]}),i("li",{children:[t("strong",{children:"Data access"})," \u2013 Every query to a data view, including which fields were accessed and whether any were redacted."]}),i("li",{children:[t("strong",{children:"Workflow execution"})," \u2013 Every step in a workflow, including retries, compensations, and failures."]}),i("li",{children:[t("strong",{children:"Administrative actions"})," \u2013 Spec deployments, configuration changes, user role assignments, and other privileged operations."]}),i("li",{children:[t("strong",{children:"Authentication events"})," \u2013 Login attempts, password resets, and session expirations."]})]})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Audit log format"}),t("p",{className:"text-muted-foreground",children:"Each audit log entry is a structured JSON object containing:"}),t("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:t("pre",{children:`{
   "timestamp": "2025-11-13T14:32:15.123Z",
   "eventId": "evt_abc123",
   "eventType": "capability.invoked",
@@ -30,7 +30,7 @@ import g from"@contractspec/lib.ui-link";import{ChevronRight as S}from"lucide-re
     "ruleId": "allow-admin-transfers",
     "reason": "User has admin role"
   }
-}`})})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Storage and retention"}),t("p",{className:"text-muted-foreground",children:"Audit logs are stored in a tamper-evident append-only log. Once written, entries cannot be modified or deleted. This ensures the integrity of the audit trail."}),t("p",{className:"text-muted-foreground",children:"ContractSpec supports multiple storage backends:"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[i("li",{children:[t("strong",{children:"Local file system"})," \u2013 For development and testing."]}),i("li",{children:[t("strong",{children:"Cloud object storage"})," \u2013 S3, GCS, or Azure Blob Storage for production."]}),i("li",{children:[t("strong",{children:"SIEM integration"})," \u2013 Forward logs to Splunk, Datadog, or other security information and event management systems."]})]}),t("p",{className:"text-muted-foreground",children:"You can configure retention policies to automatically archive or delete old logs after a specified period (e.g., 7 years for GDPR compliance)."})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Querying audit logs"}),t("p",{className:"text-muted-foreground",children:"ContractSpec provides a query API for searching audit logs. You can filter by:"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[t("li",{children:"Time range"}),t("li",{children:"Event type"}),t("li",{children:"Actor (user ID, role, IP address)"}),t("li",{children:"Resource (capability, data view, workflow)"}),t("li",{children:"Result (success, failure, denied)"})]}),t("p",{className:"text-muted-foreground",children:'Example query: "Show all failed login attempts from IP address 203.0.113.42 in the last 24 hours."'})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Best practices"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[i("li",{children:[t("strong",{children:"Review logs regularly"})," \u2013 Set up alerts for suspicious activity (e.g., repeated failed login attempts, unauthorized access attempts)."]}),i("li",{children:[t("strong",{children:"Protect log access"})," \u2013 Only authorized personnel should be able to view audit logs. Use role-based access control to restrict access."]}),i("li",{children:[t("strong",{children:"Retain logs long enough"})," \u2013 Check your compliance requirements and configure retention policies accordingly."]}),i("li",{children:[t("strong",{children:"Test log integrity"})," \u2013 Periodically verify that logs have not been tampered with by checking cryptographic signatures."]})]})]}),i("div",{className:"flex items-center gap-4 pt-4",children:[t(g,{href:"/docs/safety/pdp",className:"btn-ghost",children:"Previous: Policy Decision Points"}),i(g,{href:"/docs/safety/migrations",className:"btn-primary",children:["Next: Migrations ",t(S,{size:16})]})]})]})}import b from"@contractspec/lib.ui-link";import{ChevronRight as w}from"lucide-react";import{jsx as e,jsxs as o}from"react/jsx-runtime";function T(){return o("div",{className:"space-y-8",children:[o("div",{className:"space-y-4",children:[e("h1",{className:"font-bold text-4xl",children:"Migrations"}),o("p",{className:"text-muted-foreground",children:["A ",e("strong",{children:"schema migration"})," (also called a database migration) is a set of incremental, reversible changes to a database schema. According to"," ",e("a",{href:"https://en.wikipedia.org/wiki/Schema_migration",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Wikipedia"}),`, schema migrations "allow the database schema to evolve as the application's requirements change, while preserving existing data."`]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Why migrations matter"}),e("p",{className:"text-muted-foreground",children:"As your application evolves, you'll need to change your data model\u2014adding new fields, renaming tables, changing data types, or restructuring relationships. Without a disciplined approach, these changes can lead to:"}),o("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[e("li",{children:"Data loss or corruption"}),e("li",{children:"Downtime during deployments"}),e("li",{children:"Inconsistencies between environments (dev, staging, production)"}),e("li",{children:"Difficulty rolling back failed changes"})]}),e("p",{className:"text-muted-foreground",children:"Migrations solve these problems by treating schema changes as versioned, tested, and reversible operations."})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"How MigrationSpec works"}),o("p",{className:"text-muted-foreground",children:["In ContractSpec, migrations are defined using"," ",e("strong",{children:"MigrationSpec"}),". Each migration has:"]}),o("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[o("li",{children:[e("strong",{children:"Version"}),' \u2013 A unique identifier (e.g., "2025-11-13-001") that determines the order of execution.']}),o("li",{children:[e("strong",{children:"Up function"}),` \u2013 The forward migration that applies the change (e.g., "add column 'email_verified'").`]}),o("li",{children:[e("strong",{children:"Down function"}),` \u2013 The reverse migration that undoes the change (e.g., "drop column 'email_verified'").`]}),o("li",{children:[e("strong",{children:"Dependencies"})," \u2013 Other migrations that must run before this one."]}),o("li",{children:[e("strong",{children:"Validation"}),' \u2013 Optional checks to ensure the migration succeeded (e.g., "verify all users have an email address").']})]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Example MigrationSpec"}),e("p",{className:"text-muted-foreground",children:"Here's a migration that adds an email verification field to the users table:"}),e("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:e("pre",{children:`migrationId: add-email-verified
+}`})})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Storage and retention"}),t("p",{className:"text-muted-foreground",children:"Audit logs are stored in a tamper-evident append-only log. Once written, entries cannot be modified or deleted. This ensures the integrity of the audit trail."}),t("p",{className:"text-muted-foreground",children:"ContractSpec supports multiple storage backends:"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[i("li",{children:[t("strong",{children:"Local file system"})," \u2013 For development and testing."]}),i("li",{children:[t("strong",{children:"Cloud object storage"})," \u2013 S3, GCS, or Azure Blob Storage for production."]}),i("li",{children:[t("strong",{children:"SIEM integration"})," \u2013 Forward logs to Splunk, Datadog, or other security information and event management systems."]})]}),t("p",{className:"text-muted-foreground",children:"You can configure retention policies to automatically archive or delete old logs after a specified period (e.g., 7 years for GDPR compliance)."})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Querying audit logs"}),t("p",{className:"text-muted-foreground",children:"ContractSpec provides a query API for searching audit logs. You can filter by:"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[t("li",{children:"Time range"}),t("li",{children:"Event type"}),t("li",{children:"Actor (user ID, role, IP address)"}),t("li",{children:"Resource (capability, data view, workflow)"}),t("li",{children:"Result (success, failure, denied)"})]}),t("p",{className:"text-muted-foreground",children:'Example query: "Show all failed login attempts from IP address 203.0.113.42 in the last 24 hours."'})]}),i("div",{className:"space-y-4",children:[t("h2",{className:"font-bold text-2xl",children:"Best practices"}),i("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[i("li",{children:[t("strong",{children:"Review logs regularly"})," \u2013 Set up alerts for suspicious activity (e.g., repeated failed login attempts, unauthorized access attempts)."]}),i("li",{children:[t("strong",{children:"Protect log access"})," \u2013 Only authorized personnel should be able to view audit logs. Use role-based access control to restrict access."]}),i("li",{children:[t("strong",{children:"Retain logs long enough"})," \u2013 Check your compliance requirements and configure retention policies accordingly."]}),i("li",{children:[t("strong",{children:"Test log integrity"})," \u2013 Periodically verify that logs have not been tampered with by checking cryptographic signatures."]})]})]}),i("div",{className:"flex items-center gap-4 pt-4",children:[t(v,{href:"/docs/safety/pdp",className:"btn-ghost",children:"Previous: Policy Decision Points"}),i(v,{href:"/docs/safety/migrations",className:"btn-primary",children:["Next: Migrations ",t(k,{size:16})]})]})]})}import P from"@contractspec/lib.ui-link";import{ChevronRight as R}from"lucide-react";import{jsx as e,jsxs as o}from"react/jsx-runtime";function A(){return o("div",{className:"space-y-8",children:[o("div",{className:"space-y-4",children:[e("h1",{className:"font-bold text-4xl",children:"Migrations"}),o("p",{className:"text-muted-foreground",children:["A ",e("strong",{children:"schema migration"})," (also called a database migration) is a set of incremental, reversible changes to a database schema. According to"," ",e("a",{href:"https://en.wikipedia.org/wiki/Schema_migration",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"Wikipedia"}),`, schema migrations "allow the database schema to evolve as the application's requirements change, while preserving existing data."`]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Why migrations matter"}),e("p",{className:"text-muted-foreground",children:"As your application evolves, you'll need to change your data model\u2014adding new fields, renaming tables, changing data types, or restructuring relationships. Without a disciplined approach, these changes can lead to:"}),o("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[e("li",{children:"Data loss or corruption"}),e("li",{children:"Downtime during deployments"}),e("li",{children:"Inconsistencies between environments (dev, staging, production)"}),e("li",{children:"Difficulty rolling back failed changes"})]}),e("p",{className:"text-muted-foreground",children:"Migrations solve these problems by treating schema changes as versioned, tested, and reversible operations."})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"How MigrationSpec works"}),o("p",{className:"text-muted-foreground",children:["In ContractSpec, migrations are defined using"," ",e("strong",{children:"MigrationSpec"}),". Each migration has:"]}),o("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[o("li",{children:[e("strong",{children:"Version"}),' \u2013 A unique identifier (e.g., "2025-11-13-001") that determines the order of execution.']}),o("li",{children:[e("strong",{children:"Up function"}),` \u2013 The forward migration that applies the change (e.g., "add column 'email_verified'").`]}),o("li",{children:[e("strong",{children:"Down function"}),` \u2013 The reverse migration that undoes the change (e.g., "drop column 'email_verified'").`]}),o("li",{children:[e("strong",{children:"Dependencies"})," \u2013 Other migrations that must run before this one."]}),o("li",{children:[e("strong",{children:"Validation"}),' \u2013 Optional checks to ensure the migration succeeded (e.g., "verify all users have an email address").']})]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Example MigrationSpec"}),e("p",{className:"text-muted-foreground",children:"Here's a migration that adds an email verification field to the users table:"}),e("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:e("pre",{children:`migrationId: add-email-verified
 version: 2025-11-13-001
 dependencies: []
@@ -53,7 +53,7 @@ validation:
   - sql: |
       SELECT COUNT(*) FROM users
       WHERE email_verified IS NULL;
-    expectZeroRows: true`})})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Running migrations"}),e("p",{className:"text-muted-foreground",children:"Migrations are applied automatically during deployment. The ContractSpec runtime:"}),o("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[e("li",{children:"Checks which migrations have already been applied (stored in a migrations table)."}),e("li",{children:"Identifies new migrations that need to run."}),e("li",{children:"Executes them in order, respecting dependencies."}),e("li",{children:"Runs validation checks to ensure success."}),e("li",{children:"Records the migration as applied."})]}),e("p",{className:"text-muted-foreground",children:"If a migration fails, the deployment is aborted, and the system remains in its previous state. You can then fix the migration and redeploy."})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Rolling back migrations"}),o("p",{className:"text-muted-foreground",children:["If you need to roll back a deployment, ContractSpec automatically runs the ",e("strong",{children:"down"})," functions of any migrations that were applied. This restores the database to its previous state."]}),e("p",{className:"text-muted-foreground",children:"Note that rollbacks are not always possible\u2014for example, if you've deleted a column, you cannot recover the data unless you have a backup. For destructive changes, it's best to use a multi-step migration:"}),o("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[e("li",{children:"Add the new column (reversible)."}),e("li",{children:"Backfill data from the old column to the new column (reversible)."}),e("li",{children:"Update application code to use the new column (reversible)."}),e("li",{children:"Drop the old column (irreversible\u2014only do this after confirming the new column works)."})]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Best practices"}),o("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[o("li",{children:[e("strong",{children:"Test migrations locally"})," \u2013 Run them against a copy of production data to catch issues before deploying."]}),o("li",{children:[e("strong",{children:"Keep migrations small"})," \u2013 Each migration should do one thing. This makes them easier to understand and roll back."]}),o("li",{children:[e("strong",{children:"Write reversible migrations"})," \u2013 Always provide a down function, even if you don't plan to roll back."]}),o("li",{children:[e("strong",{children:"Use transactions"})," \u2013 Wrap migrations in database transactions so they either fully succeed or fully fail."]}),o("li",{children:[e("strong",{children:"Avoid destructive changes"})," \u2013 Prefer additive changes (adding columns) over destructive ones (dropping columns). If you must delete data, archive it first."]}),o("li",{children:[e("strong",{children:"Version your migrations"})," \u2013 Use timestamps or sequential numbers to ensure migrations run in the correct order."]}),o("li",{children:[e("strong",{children:"Document breaking changes"})," \u2013 If a migration requires application code changes, note this in the migration description."]})]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Zero-downtime migrations"}),e("p",{className:"text-muted-foreground",children:"Some migrations can cause downtime if not handled carefully. For example, adding a NOT NULL column to a large table can lock the table for minutes. To avoid this, use a multi-step approach:"}),o("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[e("li",{children:"Add the column as nullable."}),e("li",{children:"Backfill the column in batches (without locking the table)."}),e("li",{children:"Add the NOT NULL constraint once all rows are populated."})]}),e("p",{className:"text-muted-foreground",children:"ContractSpec's migration system supports this pattern by allowing you to split a logical change into multiple versioned migrations."})]}),o("div",{className:"flex items-center gap-4 pt-4",children:[e(b,{href:"/docs/safety/auditing",className:"btn-ghost",children:"Previous: Audit Logs"}),o(b,{href:"/docs/advanced/renderers",className:"btn-primary",children:["Next: Advanced Topics ",e(w,{size:16})]})]})]})}import I from"@contractspec/lib.ui-link";import{jsx as c,jsxs as u}from"react/jsx-runtime";var k=[{title:"Spec signing",body:"Protect the integrity of what gets deployed and make changes verifiable.",href:"/docs/safety/signing"},{title:"Policy decision points",body:"Apply governance consistently across operations, data access, and generated surfaces.",href:"/docs/safety/pdp"},{title:"Audit trails",body:"Record operational and policy decisions with enough context to inspect and explain them later.",href:"/docs/safety/auditing"},{title:"Migrations",body:"Evolve data and schema boundaries without losing control of the system.",href:"/docs/safety/migrations"},{title:"Tenant isolation",body:"Keep configuration, access rules, and sensitive data bounded by tenant.",href:"/docs/safety/tenant-isolation"},{title:"Security and trust",body:"Understand the trust model, release process, and security expectations around the OSS system.",href:"/docs/safety/security-trust"}];function D(){return u("div",{className:"space-y-10",children:[u("div",{className:"space-y-3",children:[c("p",{className:"editorial-kicker",children:"Operate"}),c("h1",{className:"font-serif text-4xl tracking-[-0.04em] md:text-5xl",children:"Safety is part of the system model, not an afterthought."}),c("p",{className:"max-w-3xl text-lg text-muted-foreground leading-8",children:"ContractSpec is meant to survive real change: new generated surfaces, policy updates, migrations, integration churn, and operator handoffs. The safety layer makes those changes inspectable, reversible, and governed."})]}),u("div",{className:"editorial-proof-strip",children:[u("div",{className:"editorial-stat",children:[c("span",{className:"editorial-label",children:"Operating rule"}),c("span",{className:"editorial-stat-value",children:"explicit change beats hidden mutation"})]}),c("p",{className:"max-w-2xl text-muted-foreground text-sm leading-7",children:"Use policies, signing, audit trails, and migrations to keep the system legible even as AI-assisted workflows accelerate change volume."})]}),c("div",{className:"grid gap-4 md:grid-cols-2",children:k.map((y)=>u(I,{href:y.href,className:"editorial-panel",children:[c("h2",{className:"font-semibold text-xl",children:y.title}),c("p",{className:"mt-2 text-muted-foreground text-sm leading-7",children:y.body})]},y.href))})]})}import h from"@contractspec/lib.ui-link";import{ChevronRight as R}from"lucide-react";import{jsx as a,jsxs as l}from"react/jsx-runtime";function A(){return l("div",{className:"space-y-8",children:[l("div",{className:"space-y-4",children:[a("h1",{className:"font-bold text-4xl",children:"Policy Decision Points"}),l("p",{className:"text-muted-foreground",children:["A ",a("strong",{children:"Policy Decision Point (PDP)"})," is a centralized component that evaluates access control policies and makes authorization decisions. According to"," ",a("a",{href:"https://www.strongdm.com/blog/policy-decision-point",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"StrongDM"}),', the PDP "receives requests for access to resources, evaluates them against policies, and returns a decision (permit or deny)."']})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"How the PDP works in ContractSpec"}),a("p",{className:"text-muted-foreground",children:"In ContractSpec, the PDP is invoked on every operation\u2014whether it's rendering a UI component, executing a capability, or querying a data view. The flow is:"}),l("ol",{className:"list-inside list-decimal space-y-3 text-muted-foreground",children:[l("li",{children:[a("strong",{children:"Request evaluation"})," \u2013 The runtime sends a request to the PDP containing:",l("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[a("li",{children:"The user's identity and attributes (roles, groups, location, etc.)"}),a("li",{children:"The resource being accessed (capability, field, workflow step)"}),a("li",{children:"The action being performed (read, write, execute)"}),a("li",{children:"Contextual information (time of day, device type, IP address)"})]})]}),l("li",{children:[a("strong",{children:"Policy evaluation"})," \u2013 The PDP evaluates the request against all applicable ",a("strong",{children:"PolicySpecs"}),". These specs define rules using attribute-based access control (ABAC) and can reference:",l("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[a("li",{children:`User attributes (e.g., "role == 'admin'")`}),a("li",{children:`Resource attributes (e.g., "field.sensitivity == 'PII'")`}),a("li",{children:'Environmental attributes (e.g., "time.hour >= 9 AND time.hour < 17")'})]})]}),l("li",{children:[a("strong",{children:"Decision return"})," \u2013 The PDP returns one of:",l("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[l("li",{children:[a("code",{className:"rounded bg-background/50 px-2 py-1",children:"PERMIT"})," ","\u2013 The operation is allowed."]}),l("li",{children:[a("code",{className:"rounded bg-background/50 px-2 py-1",children:"DENY"})," ","\u2013 The operation is blocked."]}),l("li",{children:[a("code",{className:"rounded bg-background/50 px-2 py-1",children:"REDACT"})," ","\u2013 The operation is allowed, but sensitive fields are masked."]})]})]}),l("li",{children:[a("strong",{children:"Enforcement"})," \u2013 The runtime enforces the decision. If denied, the operation fails with a clear error message. If redacted, sensitive fields are replaced with placeholders."]}),l("li",{children:[a("strong",{children:"Auditing"})," \u2013 Every PDP decision is logged to the"," ",a(h,{href:"/docs/safety/auditing",className:"text-violet-400 hover:text-violet-300",children:"audit log"}),", including the request, decision, and reasoning."]})]})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"Example PolicySpec"}),a("p",{className:"text-muted-foreground",children:"Here's a simple policy that restricts access to PII fields:"}),a("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:a("pre",{children:`policyId: pii-access-control
+    expectZeroRows: true`})})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Running migrations"}),e("p",{className:"text-muted-foreground",children:"Migrations are applied automatically during deployment. The ContractSpec runtime:"}),o("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[e("li",{children:"Checks which migrations have already been applied (stored in a migrations table)."}),e("li",{children:"Identifies new migrations that need to run."}),e("li",{children:"Executes them in order, respecting dependencies."}),e("li",{children:"Runs validation checks to ensure success."}),e("li",{children:"Records the migration as applied."})]}),e("p",{className:"text-muted-foreground",children:"If a migration fails, the deployment is aborted, and the system remains in its previous state. You can then fix the migration and redeploy."})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Rolling back migrations"}),o("p",{className:"text-muted-foreground",children:["If you need to roll back a deployment, ContractSpec automatically runs the ",e("strong",{children:"down"})," functions of any migrations that were applied. This restores the database to its previous state."]}),e("p",{className:"text-muted-foreground",children:"Note that rollbacks are not always possible\u2014for example, if you've deleted a column, you cannot recover the data unless you have a backup. For destructive changes, it's best to use a multi-step migration:"}),o("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[e("li",{children:"Add the new column (reversible)."}),e("li",{children:"Backfill data from the old column to the new column (reversible)."}),e("li",{children:"Update application code to use the new column (reversible)."}),e("li",{children:"Drop the old column (irreversible\u2014only do this after confirming the new column works)."})]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Best practices"}),o("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[o("li",{children:[e("strong",{children:"Test migrations locally"})," \u2013 Run them against a copy of production data to catch issues before deploying."]}),o("li",{children:[e("strong",{children:"Keep migrations small"})," \u2013 Each migration should do one thing. This makes them easier to understand and roll back."]}),o("li",{children:[e("strong",{children:"Write reversible migrations"})," \u2013 Always provide a down function, even if you don't plan to roll back."]}),o("li",{children:[e("strong",{children:"Use transactions"})," \u2013 Wrap migrations in database transactions so they either fully succeed or fully fail."]}),o("li",{children:[e("strong",{children:"Avoid destructive changes"})," \u2013 Prefer additive changes (adding columns) over destructive ones (dropping columns). If you must delete data, archive it first."]}),o("li",{children:[e("strong",{children:"Version your migrations"})," \u2013 Use timestamps or sequential numbers to ensure migrations run in the correct order."]}),o("li",{children:[e("strong",{children:"Document breaking changes"})," \u2013 If a migration requires application code changes, note this in the migration description."]})]})]}),o("div",{className:"space-y-4",children:[e("h2",{className:"font-bold text-2xl",children:"Zero-downtime migrations"}),e("p",{className:"text-muted-foreground",children:"Some migrations can cause downtime if not handled carefully. For example, adding a NOT NULL column to a large table can lock the table for minutes. To avoid this, use a multi-step approach:"}),o("ol",{className:"list-inside list-decimal space-y-2 text-muted-foreground",children:[e("li",{children:"Add the column as nullable."}),e("li",{children:"Backfill the column in batches (without locking the table)."}),e("li",{children:"Add the NOT NULL constraint once all rows are populated."})]}),e("p",{className:"text-muted-foreground",children:"ContractSpec's migration system supports this pattern by allowing you to split a logical change into multiple versioned migrations."})]}),o("div",{className:"flex items-center gap-4 pt-4",children:[e(P,{href:"/docs/safety/auditing",className:"btn-ghost",children:"Previous: Audit Logs"}),o(P,{href:"/docs/advanced/renderers",className:"btn-primary",children:["Next: Advanced Topics ",e(R,{size:16})]})]})]})}import q from"@contractspec/lib.ui-link";import{jsx as p,jsxs as g}from"react/jsx-runtime";var E=[{title:"Spec signing",body:"Protect the integrity of what gets deployed and make changes verifiable.",href:"/docs/safety/signing"},{title:"Policy decision points",body:"Apply governance consistently across operations, data access, and generated surfaces.",href:"/docs/safety/pdp"},{title:"Audit trails",body:"Record operational and policy decisions with enough context to inspect and explain them later.",href:"/docs/safety/auditing"},{title:"Migrations",body:"Evolve data and schema boundaries without losing control of the system.",href:"/docs/safety/migrations"},{title:"Tenant isolation",body:"Keep configuration, access rules, and sensitive data bounded by tenant.",href:"/docs/safety/tenant-isolation"},{title:"Security and trust",body:"Understand the trust model, release process, and security expectations around the OSS system.",href:"/docs/safety/security-trust"}];function O(){return g("div",{className:"space-y-10",children:[g("div",{className:"space-y-3",children:[p("p",{className:"editorial-kicker",children:"Operate"}),p("h1",{className:"font-serif text-4xl tracking-[-0.04em] md:text-5xl",children:"Safety is part of the system model, not an afterthought."}),p("p",{className:"max-w-3xl text-lg text-muted-foreground leading-8",children:"ContractSpec is meant to survive real change: new generated surfaces, policy updates, migrations, integration churn, and operator handoffs. The safety layer makes those changes inspectable, reversible, and governed."})]}),g("div",{className:"editorial-proof-strip",children:[g("div",{className:"editorial-stat",children:[p("span",{className:"editorial-label",children:"Operating rule"}),p("span",{className:"editorial-stat-value",children:"explicit change beats hidden mutation"})]}),p("p",{className:"max-w-2xl text-muted-foreground text-sm leading-7",children:"Use policies, signing, audit trails, and migrations to keep the system legible even as AI-assisted workflows accelerate change volume."})]}),p("div",{className:"grid gap-4 md:grid-cols-2",children:E.map((n)=>g(q,{href:n.href,className:"editorial-panel",children:[p("h2",{className:"font-semibold text-xl",children:n.title}),p("p",{className:"mt-2 text-muted-foreground text-sm leading-7",children:n.body})]},n.href))})]})}import N from"@contractspec/lib.ui-link";import{ChevronRight as V}from"lucide-react";import{jsx as a,jsxs as l}from"react/jsx-runtime";function U(){return l("div",{className:"space-y-8",children:[l("div",{className:"space-y-4",children:[a("h1",{className:"font-bold text-4xl",children:"Policy Decision Points"}),l("p",{className:"text-muted-foreground",children:["A ",a("strong",{children:"Policy Decision Point (PDP)"})," is a centralized component that evaluates access control policies and makes authorization decisions. According to"," ",a("a",{href:"https://www.strongdm.com/blog/policy-decision-point",target:"_blank",rel:"noopener noreferrer",className:"text-violet-400 hover:text-violet-300",children:"StrongDM"}),', the PDP "receives requests for access to resources, evaluates them against policies, and returns a decision (permit or deny)."']})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"How the PDP works in ContractSpec"}),a("p",{className:"text-muted-foreground",children:"In ContractSpec, the PDP is invoked on every operation\u2014whether it's rendering a UI component, executing a capability, or querying a data view. The flow is:"}),l("ol",{className:"list-inside list-decimal space-y-3 text-muted-foreground",children:[l("li",{children:[a("strong",{children:"Request evaluation"})," \u2013 The runtime sends a request to the PDP containing:",l("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[a("li",{children:"The user's identity and attributes (roles, groups, location, etc.)"}),a("li",{children:"The resource being accessed (capability, field, workflow step)"}),a("li",{children:"The action being performed (read, write, execute)"}),a("li",{children:"Contextual information (time of day, device type, IP address)"})]})]}),l("li",{children:[a("strong",{children:"Policy evaluation"})," \u2013 The PDP evaluates the request against all applicable ",a("strong",{children:"PolicySpecs"}),". These specs define rules using attribute-based access control (ABAC) and can reference:",l("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[a("li",{children:`User attributes (e.g., "role == 'admin'")`}),a("li",{children:`Resource attributes (e.g., "field.sensitivity == 'PII'")`}),a("li",{children:'Environmental attributes (e.g., "time.hour >= 9 AND time.hour < 17")'})]})]}),l("li",{children:[a("strong",{children:"Decision return"})," \u2013 The PDP returns one of:",l("ul",{className:"mt-2 ml-6 list-inside list-disc space-y-1",children:[l("li",{children:[a("code",{className:"rounded bg-background/50 px-2 py-1",children:"PERMIT"})," ","\u2013 The operation is allowed."]}),l("li",{children:[a("code",{className:"rounded bg-background/50 px-2 py-1",children:"DENY"})," ","\u2013 The operation is blocked."]}),l("li",{children:[a("code",{className:"rounded bg-background/50 px-2 py-1",children:"REDACT"})," ","\u2013 The operation is allowed, but sensitive fields are masked."]})]})]}),l("li",{children:[a("strong",{children:"Enforcement"})," \u2013 The runtime enforces the decision. If denied, the operation fails with a clear error message. If redacted, sensitive fields are replaced with placeholders."]}),l("li",{children:[a("strong",{children:"Auditing"})," \u2013 Every PDP decision is logged to the"," ",a(N,{href:"/docs/safety/auditing",className:"text-violet-400 hover:text-violet-300",children:"audit log"}),", including the request, decision, and reasoning."]})]})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"Example PolicySpec"}),a("p",{className:"text-muted-foreground",children:"Here's a simple policy that restricts access to PII fields:"}),a("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:a("pre",{children:`policyId: pii-access-control
 version: '1.0.0'.0.0
 rules:
   - id: allow-admin-full-access
@@ -71,11 +71,11 @@ rules:
     effect: DENY
     condition: |
       user.role NOT IN ['admin', 'support'] AND
-      field.sensitivity == 'PII'`})}),a("p",{className:"text-muted-foreground",children:"With this policy, admins see all data, support staff see redacted PII, and other users cannot access PII at all."})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"Benefits of centralized decision-making"}),l("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[l("li",{children:[a("strong",{children:"Consistency"})," \u2013 Policies are enforced uniformly across all surfaces (API, UI, workflows)."]}),l("li",{children:[a("strong",{children:"Auditability"})," \u2013 Every decision is logged, making it easy to trace why access was granted or denied."]}),l("li",{children:[a("strong",{children:"Flexibility"})," \u2013 Policies can be updated without changing application code."]}),l("li",{children:[a("strong",{children:"Security"})," \u2013 Reduces the risk of authorization bugs by removing ad-hoc checks scattered throughout the codebase."]})]})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"Performance considerations"}),a("p",{className:"text-muted-foreground",children:"Because the PDP is invoked on every operation, performance is critical. ContractSpec optimizes this by:"}),l("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[a("li",{children:"Caching policy decisions for identical requests"}),a("li",{children:"Compiling policies into efficient bytecode"}),a("li",{children:"Evaluating only the minimal set of rules needed for each request"}),a("li",{children:"Running the PDP in-process to avoid network latency"})]}),a("p",{className:"text-muted-foreground",children:"In practice, PDP overhead is typically less than 1ms per request."})]}),l("div",{className:"flex items-center gap-4 pt-4",children:[a(h,{href:"/docs/safety/signing",className:"btn-ghost",children:"Previous: Spec Signing"}),l(h,{href:"/docs/safety/auditing",className:"btn-primary",children:["Next: Audit Logs ",a(R,{size:16})]})]})]})}import v from"@contractspec/lib.ui-link";import{ChevronRight as N}from"lucide-react";import{jsx as r,jsxs as d}from"react/jsx-runtime";function q(){return d("div",{className:"space-y-8",children:[d("div",{className:"space-y-4",children:[r("h1",{className:"font-bold text-4xl",children:"Security & Trust"}),r("p",{className:"text-muted-foreground",children:"ContractSpec focuses on deterministic, auditable software delivery. This page summarizes our security posture and trust commitments so teams can adopt with clarity."})]}),d("div",{className:"card-subtle space-y-4 p-6",children:[r("h2",{className:"font-bold text-2xl",children:"Security policy"}),r("p",{className:"text-muted-foreground text-sm",children:"We publish a dedicated security policy that explains how to report vulnerabilities and how we respond."}),d(v,{href:"/SECURITY.md",className:"btn-primary",children:["Read the security policy ",r(N,{size:16})]})]}),d("div",{className:"grid gap-4 md:grid-cols-2",children:[d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Release hygiene"}),r("p",{className:"text-muted-foreground text-sm",children:"We ship with deterministic CI, changesets, and contract validation so teams can trust every release."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Changesets required for published packages."}),r("li",{children:"CI gate for contract validation and drift detection."}),r("li",{children:"Rollback-friendly release process."})]})]}),d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Data handling"}),r("p",{className:"text-muted-foreground text-sm",children:"ContractSpec promotes strict data classification and policy-driven access. Specs can tag sensitive fields for enforcement."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Schema-level sensitivity tags."}),r("li",{children:"Policy Decision Point enforcement."}),r("li",{children:"Audit logs for operational traceability."})]})]})]}),d("div",{className:"grid gap-4 md:grid-cols-2",children:[d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Supply chain"}),r("p",{className:"text-muted-foreground text-sm",children:"We track dependency updates and keep the monorepo build reproducible."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Dependabot + Renovate-style updates where available."}),r("li",{children:"Signed release artifacts planned for Studio release cycles."}),r("li",{children:"Transparent changelogs for every package."})]})]}),d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Responsible disclosure"}),r("p",{className:"text-muted-foreground text-sm",children:"We respond quickly to security reports and coordinate fixes before public disclosure."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Security response within 5 business days."}),r("li",{children:"Private disclosure via security@contractspec.io."}),r("li",{children:"Credit for researchers (with permission)."})]})]})]}),d("div",{className:"space-y-4",children:[r("h2",{className:"font-bold text-2xl",children:"Next steps"}),r("p",{className:"text-muted-foreground",children:"Explore the broader safety controls or read the roadmap to see upcoming trust investments."}),d("div",{className:"flex flex-wrap gap-4 pt-4",children:[d(v,{href:"/docs/safety",className:"btn-ghost",children:["Safety overview ",r(N,{size:16})]}),d(v,{href:"/ROADMAP.md",className:"btn-ghost",children:["Roadmap ",r(N,{size:16})]})]})]})]})}import E from"@contractspec/lib.ui-link";import{ChevronRight as O}from"lucide-react";import{jsx as n,jsxs as m}from"react/jsx-runtime";function V(){return m("div",{className:"space-y-8",children:[m("div",{className:"space-y-2",children:[n("h1",{className:"font-bold text-4xl",children:"Spec Signing"}),n("p",{className:"text-lg text-muted-foreground",children:"Signing ensures specs haven't been tampered with and provides an audit trail of all changes."})]}),m("div",{className:"space-y-6",children:[m("div",{className:"space-y-3",children:[n("h2",{className:"font-bold text-2xl",children:"How it works"}),n("p",{className:"text-muted-foreground",children:"Every spec is cryptographically signed before deployment. The signature proves that the spec hasn't been modified since it was signed and creates a permanent record of who deployed it and when."})]}),m("div",{className:"space-y-3",children:[n("h2",{className:"font-bold text-2xl",children:"Signing a spec"}),n("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:n("pre",{children:`contractspec sign app.spec.ts --key ~/.contractspec/key.pem
-contractspec deploy --signed app.spec.ts.signed`})})]}),m("div",{className:"space-y-3",children:[n("h2",{className:"font-bold text-2xl",children:"Verifying signatures"}),n("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:n("pre",{children:`contractspec verify app.spec.ts.signed
+      field.sensitivity == 'PII'`})}),a("p",{className:"text-muted-foreground",children:"With this policy, admins see all data, support staff see redacted PII, and other users cannot access PII at all."})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"Benefits of centralized decision-making"}),l("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[l("li",{children:[a("strong",{children:"Consistency"})," \u2013 Policies are enforced uniformly across all surfaces (API, UI, workflows)."]}),l("li",{children:[a("strong",{children:"Auditability"})," \u2013 Every decision is logged, making it easy to trace why access was granted or denied."]}),l("li",{children:[a("strong",{children:"Flexibility"})," \u2013 Policies can be updated without changing application code."]}),l("li",{children:[a("strong",{children:"Security"})," \u2013 Reduces the risk of authorization bugs by removing ad-hoc checks scattered throughout the codebase."]})]})]}),l("div",{className:"space-y-4",children:[a("h2",{className:"font-bold text-2xl",children:"Performance considerations"}),a("p",{className:"text-muted-foreground",children:"Because the PDP is invoked on every operation, performance is critical. ContractSpec optimizes this by:"}),l("ul",{className:"list-inside list-disc space-y-2 text-muted-foreground",children:[a("li",{children:"Caching policy decisions for identical requests"}),a("li",{children:"Compiling policies into efficient bytecode"}),a("li",{children:"Evaluating only the minimal set of rules needed for each request"}),a("li",{children:"Running the PDP in-process to avoid network latency"})]}),a("p",{className:"text-muted-foreground",children:"In practice, PDP overhead is typically less than 1ms per request."})]}),l("div",{className:"flex items-center gap-4 pt-4",children:[a(N,{href:"/docs/safety/signing",className:"btn-ghost",children:"Previous: Spec Signing"}),l(N,{href:"/docs/safety/auditing",className:"btn-primary",children:["Next: Audit Logs ",a(V,{size:16})]})]})]})}import b from"@contractspec/lib.ui-link";import{ChevronRight as S}from"lucide-react";import{jsx as r,jsxs as d}from"react/jsx-runtime";function W(){return d("div",{className:"space-y-8",children:[d("div",{className:"space-y-4",children:[r("h1",{className:"font-bold text-4xl",children:"Security & Trust"}),r("p",{className:"text-muted-foreground",children:"ContractSpec focuses on deterministic, auditable software delivery. This page summarizes our security posture and trust commitments so teams can adopt with clarity."})]}),d("div",{className:"card-subtle space-y-4 p-6",children:[r("h2",{className:"font-bold text-2xl",children:"Security policy"}),r("p",{className:"text-muted-foreground text-sm",children:"We publish a dedicated security policy that explains how to report vulnerabilities and how we respond."}),d(b,{href:"/SECURITY.md",className:"btn-primary",children:["Read the security policy ",r(S,{size:16})]})]}),d("div",{className:"grid gap-4 md:grid-cols-2",children:[d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Release hygiene"}),r("p",{className:"text-muted-foreground text-sm",children:"We ship with deterministic CI, changesets, and contract validation so teams can trust every release."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Changesets required for published packages."}),r("li",{children:"CI gate for contract validation and drift detection."}),r("li",{children:"Rollback-friendly release process."})]})]}),d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Data handling"}),r("p",{className:"text-muted-foreground text-sm",children:"ContractSpec promotes strict data classification and policy-driven access. Specs can tag sensitive fields for enforcement."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Schema-level sensitivity tags."}),r("li",{children:"Policy Decision Point enforcement."}),r("li",{children:"Audit logs for operational traceability."})]})]})]}),d("div",{className:"grid gap-4 md:grid-cols-2",children:[d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Supply chain"}),r("p",{className:"text-muted-foreground text-sm",children:"We track dependency updates and keep the monorepo build reproducible."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Dependabot + Renovate-style updates where available."}),r("li",{children:"Signed release artifacts planned for Studio release cycles."}),r("li",{children:"Transparent changelogs for every package."})]})]}),d("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:"Responsible disclosure"}),r("p",{className:"text-muted-foreground text-sm",children:"We respond quickly to security reports and coordinate fixes before public disclosure."}),d("ul",{className:"space-y-2 text-muted-foreground text-sm",children:[r("li",{children:"Security response within 5 business days."}),r("li",{children:"Private disclosure via security@contractspec.io."}),r("li",{children:"Credit for researchers (with permission)."})]})]})]}),d("div",{className:"space-y-4",children:[r("h2",{className:"font-bold text-2xl",children:"Next steps"}),r("p",{className:"text-muted-foreground",children:"Explore the broader safety controls or read the roadmap to see upcoming trust investments."}),d("div",{className:"flex flex-wrap gap-4 pt-4",children:[d(b,{href:"/docs/safety",className:"btn-ghost",children:["Safety overview ",r(S,{size:16})]}),d(b,{href:"/ROADMAP.md",className:"btn-ghost",children:["Roadmap ",r(S,{size:16})]})]})]})]})}import z from"@contractspec/lib.ui-link";import{ChevronRight as C}from"lucide-react";import{jsx as c,jsxs as u}from"react/jsx-runtime";function M(){return u("div",{className:"space-y-8",children:[u("div",{className:"space-y-2",children:[c("h1",{className:"font-bold text-4xl",children:"Spec Signing"}),c("p",{className:"text-lg text-muted-foreground",children:"Signing ensures specs haven't been tampered with and provides an audit trail of all changes."})]}),u("div",{className:"space-y-6",children:[u("div",{className:"space-y-3",children:[c("h2",{className:"font-bold text-2xl",children:"How it works"}),c("p",{className:"text-muted-foreground",children:"Every spec is cryptographically signed before deployment. The signature proves that the spec hasn't been modified since it was signed and creates a permanent record of who deployed it and when."})]}),u("div",{className:"space-y-3",children:[c("h2",{className:"font-bold text-2xl",children:"Signing a spec"}),c("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:c("pre",{children:`contractspec sign app.spec.ts --key ~/.contractspec/key.pem
+contractspec deploy --signed app.spec.ts.signed`})})]}),u("div",{className:"space-y-3",children:[c("h2",{className:"font-bold text-2xl",children:"Verifying signatures"}),c("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:c("pre",{children:`contractspec verify app.spec.ts.signed
 # Output: \u2713 Signature valid
 # Signed by: alice@example.com
-# Timestamp: 2024-11-08T10:30:00Z`})})]}),n("div",{className:"flex items-center gap-4 pt-4",children:m(E,{href:"/docs/safety/pdp",className:"btn-primary",children:["Next: Policy Decision Points ",n(O,{size:16})]})})]})]})}import{jsx as p,jsxs as f}from"react/jsx-runtime";function U(){return f("div",{className:"space-y-8",children:[f("div",{className:"space-y-4",children:[p("h1",{className:"font-bold text-4xl",children:"Tenant Isolation"}),p("p",{className:"text-lg text-muted-foreground",children:'Preventing cross-tenant data leaks is the #1 security priority for any SaaS. ContractSpec employs "Defense in Depth" to ensure safety.'})]}),f("div",{className:"space-y-4",children:[p("h2",{className:"font-bold text-2xl",children:"Layer 1: RLS Middleware"}),f("p",{children:["The primary defense is the Prisma middleware that rewrites queries to include ",p("code",{children:"WHERE tenantId = ?"}),". This protects against developer error (forgetting to filter)."]})]}),f("div",{className:"space-y-4",children:[p("h2",{className:"font-bold text-2xl",children:"Layer 2: Isolation Validator"}),f("p",{children:["For high-security environments, you can use the"," ",p("code",{children:"IsolationValidator"})," in your test suite to verify that every query generated by your operations actually includes the tenant ID."]}),p("pre",{className:"rounded-lg border bg-muted p-4 text-sm",children:`import { IsolationValidator } from '@contractspec/lib.multi-tenancy/isolation';
+# Timestamp: 2024-11-08T10:30:00Z`})})]}),c("div",{className:"flex items-center gap-4 pt-4",children:u(z,{href:"/docs/safety/pdp",className:"btn-primary",children:["Next: Policy Decision Points ",c(C,{size:16})]})})]})]})}import{jsx as m,jsxs as y}from"react/jsx-runtime";function F(){return y("div",{className:"space-y-8",children:[y("div",{className:"space-y-4",children:[m("h1",{className:"font-bold text-4xl",children:"Tenant Isolation"}),m("p",{className:"text-lg text-muted-foreground",children:'Preventing cross-tenant data leaks is the #1 security priority for any SaaS. ContractSpec employs "Defense in Depth" to ensure safety.'})]}),y("div",{className:"space-y-4",children:[m("h2",{className:"font-bold text-2xl",children:"Layer 1: RLS Middleware"}),y("p",{children:["The primary defense is the Prisma middleware that rewrites queries to include ",m("code",{children:"WHERE tenantId = ?"}),". This protects against developer error (forgetting to filter)."]})]}),y("div",{className:"space-y-4",children:[m("h2",{className:"font-bold text-2xl",children:"Layer 2: Isolation Validator"}),y("p",{children:["For high-security environments, you can use the"," ",m("code",{children:"IsolationValidator"})," in your test suite to verify that every query generated by your operations actually includes the tenant ID."]}),m("pre",{className:"rounded-lg border bg-muted p-4 text-sm",children:`import { IsolationValidator } from '@contractspec/lib.multi-tenancy/isolation';
 test('findUser query is isolated', () => {
   const isValid = IsolationValidator.validateQuery(
@@ -85,4 +85,4 @@ test('findUser query is isolated', () => {
     'tenant-123'
   );
   expect(isValid).toBe(true);
-});`})]}),f("div",{className:"space-y-4",children:[p("h2",{className:"font-bold text-2xl",children:"Layer 3: Policy Engine"}),p("p",{children:"The Policy Decision Point (PDP) verifies that the authenticated user actually belongs to the requested tenant before any operation logic runs."})]})]})}export{U as SafetyTenantIsolationPage,V as SafetySigningPage,q as SafetySecurityTrustPage,A as SafetyPDPPage,D as SafetyOverviewPage,T as SafetyMigrationsPage,P as SafetyAuditingPage};
+});`})]}),y("div",{className:"space-y-4",children:[m("h2",{className:"font-bold text-2xl",children:"Layer 3: Policy Engine"}),m("p",{children:"The Policy Decision Point (PDP) verifies that the authenticated user actually belongs to the requested tenant before any operation logic runs."})]})]})}export{F as SafetyTenantIsolationPage,M as SafetySigningPage,W as SafetySecurityTrustPage,U as SafetyPDPPage,O as SafetyOverviewPage,A as SafetyMigrationsPage,D as SafetyAuditingPage};

package/dist/components/docs/shared/StudioPrompt.js CHANGED Viewed

@@ -1,2 +1,2 @@
 // @bun
-import a from"@contractspec/lib.ui-link";import{jsx as t,jsxs as n}from"react/jsx-runtime";function p({title:e="Need the operating layer on top of OSS ContractSpec?",body:o="ContractSpec Studio helps teams turn evidence into proposed spec changes, governed delivery loops, and execution-ready task packs while keeping the open contract system as the source of truth.",ctaLabel:r="See what Studio adds",href:s="https://www.contractspec.studio/docs"}){return n("div",{className:"card-subtle space-y-3 p-6",children:[t("h3",{className:"font-semibold text-lg",children:e}),t("p",{className:"text-muted-foreground text-sm",children:o}),t(a,{href:s,className:"btn-primary",children:r})]})}export{p as StudioPrompt};
+var a=Object.defineProperty;var n=(t)=>t;function i(t,e){this[t]=n.bind(null,e)}var d=(t,e)=>{for(var o in e)a(t,o,{get:e[o],enumerable:!0,configurable:!0,set:i.bind(e,o)})};var l=(t,e)=>()=>(t&&(e=t(t=0)),e);import p from"@contractspec/lib.ui-link";import{jsx as r,jsxs as c}from"react/jsx-runtime";function h({title:t="Need the operating layer on top of OSS ContractSpec?",body:e="ContractSpec Studio helps teams turn evidence into proposed spec changes, governed delivery loops, and execution-ready task packs while keeping the open contract system as the source of truth.",ctaLabel:o="See what Studio adds",href:s="https://www.contractspec.studio/docs"}){return c("div",{className:"card-subtle space-y-3 p-6",children:[r("h3",{className:"font-semibold text-lg",children:t}),r("p",{className:"text-muted-foreground text-sm",children:e}),r(p,{href:s,className:"btn-primary",children:o})]})}export{h as StudioPrompt};

package/dist/components/docs/specs/SpecsBuilderControlPlanePage.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-import{CodeBlock as o}from"@contractspec/lib.design-system";import r from"@contractspec/lib.ui-link";import{jsx as e,jsxs as t}from"react/jsx-runtime";var i=[{title:"Managed",body:"Best when the team wants the platform to own setup, routing, readiness, and mobile-safe defaults."},{title:"Local",body:"Best for power users who want tenant-local execution providers and tighter data-locality control."},{title:"Hybrid",body:"Best when some work should stay local while preview, review, or export flows still use managed coordination."}],n=["Capture prompts, files, voice, and other inbound sources into a typed workspace instead of relying on a single chat transcript.","Fuse the sources into decisions, assumptions, and blueprint updates with provenance and approval memory.","Compile authoring work into execution lanes, then route the work to explicit provider profiles and runtime targets.","Create previews, run readiness gates, and record receipts before export becomes an operator action.","Keep mobile review parity so approvals, incidents, and patch proposals can be inspected away from the desktop workbench."];function c(){return t("div",{className:"space-y-10",children:[t("section",{className:"space-y-3",children:[e("p",{className:"editorial-kicker",children:"Spec pack"}),e("h1",{className:"font-serif text-4xl tracking-[-0.04em] md:text-5xl",children:"Builder is a governed authoring control plane, not a frontier coding agent."}),t("p",{className:"max-w-3xl text-lg text-muted-foreground leading-8",children:["The implemented Builder stack sits across"," ",e("code",{children:"@contractspec/lib.builder-spec"}),","," ",e("code",{children:"@contractspec/lib.builder-runtime"}),","," ",e("code",{children:"@contractspec/lib.provider-spec"}),", and the reusable workbench/mobile modules. It orchestrates inputs, provider routing, readiness, and export decisions on top of the OSS ContractSpec foundation and the Studio operating layer."]})]}),t("section",{className:"editorial-proof-strip",children:[t("div",{className:"editorial-stat",children:[e("span",{className:"editorial-label",children:"What Builder owns"}),e("span",{className:"editorial-stat-value",children:"fusion, routing, readiness, export"})]}),e("p",{className:"max-w-2xl text-muted-foreground text-sm leading-7",children:"Builder delegates synthesis and coding to external execution providers. Its job is to keep those runs policy-aware, provenance-rich, and usable from both desktop and mobile operator surfaces."})]}),t("section",{className:"editorial-panel space-y-5",children:[t("div",{className:"space-y-2",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Implemented stack and entrypoints"}),e("p",{className:"text-muted-foreground text-sm leading-7",children:"You can use the type surfaces directly in code, or start from the already wired workbench and mobile review routes in the public app shell."})]}),e(o,{language:"text",filename:"builder-stack",code:`Packages
+var s=Object.defineProperty;var l=(t)=>t;function c(t,o){this[t]=l.bind(null,o)}var u=(t,o)=>{for(var r in o)s(t,r,{get:o[r],enumerable:!0,configurable:!0,set:c.bind(o,r)})};var h=(t,o)=>()=>(t&&(o=t(t=0)),o);import{CodeBlock as i}from"@contractspec/lib.design-system";import n from"@contractspec/lib.ui-link";import{jsx as e,jsxs as a}from"react/jsx-runtime";var p=[{title:"Managed",body:"Best when the team wants the platform to own setup, routing, readiness, API defaults, and mobile-safe operator flows."},{title:"Local",body:"Best for power users who want local-daemon registration, tenant-local execution providers, and tighter data-locality control."},{title:"Hybrid",body:"Best when some work should stay local while preview, review, export, or mobile operator flows still use managed coordination."}],d=["Bootstrap managed, local-daemon, or hybrid presets explicitly instead of inventing provider posture ad hoc per host.","Capture prompts, files, voice, and other inbound sources into a typed workspace instead of relying on a single chat transcript.","Fuse the sources into decisions, assumptions, and blueprint updates with provenance and approval memory.","Compile authoring work into execution lanes, then route the work to explicit provider profiles and runtime targets.","Create previews, run readiness gates, and record receipts before export becomes an operator action.","Keep mobile review parity so approvals, incidents, and patch proposals can be inspected away from the desktop workbench."],m=["local trust and lease posture for registered local runtimes","channel-action and comparison posture data in the shared Builder snapshot","preview, readiness, export, and mobile-review state derived from the same workspace snapshot"];function w(){return a("div",{className:"space-y-10",children:[a("section",{className:"space-y-3",children:[e("p",{className:"editorial-kicker",children:"Spec pack"}),e("h1",{className:"font-serif text-4xl tracking-[-0.04em] md:text-5xl",children:"Builder is a governed authoring control plane, not a frontier coding agent."}),a("p",{className:"max-w-3xl text-lg text-muted-foreground leading-8",children:["The implemented Builder stack sits across"," ",e("code",{children:"@contractspec/lib.builder-spec"}),","," ",e("code",{children:"@contractspec/lib.builder-runtime"}),","," ",e("code",{children:"@contractspec/lib.provider-spec"}),", and the reusable workbench/mobile modules. It orchestrates inputs, provider routing, readiness, and export decisions on top of the OSS ContractSpec foundation and the Studio operating layer."]})]}),a("section",{className:"editorial-proof-strip",children:[a("div",{className:"editorial-stat",children:[e("span",{className:"editorial-label",children:"What Builder owns"}),e("span",{className:"editorial-stat-value",children:"fusion, routing, readiness, export"})]}),e("p",{className:"max-w-2xl text-muted-foreground text-sm leading-7",children:"Builder delegates synthesis and coding to external execution providers. Its job is to keep those runs policy-aware, provenance-rich, and usable from both desktop and mobile operator surfaces."})]}),a("section",{className:"editorial-panel space-y-5",children:[a("div",{className:"space-y-2",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Implemented stack and entrypoints"}),e("p",{className:"text-muted-foreground text-sm leading-7",children:"You can use the type surfaces directly in code, or start from the already wired workbench and mobile review routes in the public app shell."})]}),e(i,{language:"text",filename:"builder-stack",code:`Packages
 - @contractspec/lib.builder-spec
 - @contractspec/lib.builder-runtime
 - @contractspec/lib.provider-spec
@@ -13,7 +13,22 @@ Web app routes
 Operate API proxy
 - /api/operate/builder/queries/builder.workspace.snapshot
 - /api/operate/builder/commands/builder.blueprint.patch
-- /api/operate/builder/commands/builder.export.execute`})]}),e("section",{className:"grid gap-4 md:grid-cols-3",children:i.map((a)=>t("article",{className:"editorial-panel space-y-3",children:[e("h2",{className:"font-semibold text-xl",children:a.title}),e("p",{className:"text-muted-foreground text-sm leading-7",children:a.body})]},a.title))}),t("section",{className:"grid gap-5 lg:grid-cols-2",children:[t("article",{className:"editorial-panel space-y-4",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Typical Builder loop"}),e("ol",{className:"list-inside list-decimal space-y-3 text-muted-foreground text-sm leading-7",children:n.map((a)=>e("li",{children:a},a))})]}),t("article",{className:"editorial-panel space-y-4",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"What Builder should not become"}),t("ul",{className:"editorial-list",children:[t("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a competitor to specialized coding agents such as Codex or Claude Code."})]}),t("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a managed-only product that traps teams away from OSS-local runtime paths."})]}),t("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a hidden routing layer that obscures provider provenance, receipts, or runtime mode."})]}),t("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a desktop-only surface. Mobile review parity is part of the control-plane contract."})]})]})]})]}),t("section",{className:"editorial-panel space-y-5",children:[t("div",{className:"space-y-2",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Use the workbench UI as the host surface"}),e("p",{className:"text-muted-foreground text-sm leading-7",children:"The reusable module already exposes the desktop workbench shell. Your host app keeps control of action wiring, runtime mode selection, and approval flows."})]}),e(o,{language:"tsx",filename:"BuilderWorkbenchHost.tsx",code:`import { BuilderWorkbench, useBuilderWorkbenchState } from "@contractspec/module.builder-workbench";
+- /api/operate/builder/commands/builder.export.execute`})]}),e("section",{className:"grid gap-4 md:grid-cols-3",children:p.map((t)=>a("article",{className:"editorial-panel space-y-3",children:[e("h2",{className:"font-semibold text-xl",children:t.title}),e("p",{className:"text-muted-foreground text-sm leading-7",children:t.body})]},t.title))}),a("section",{className:"grid gap-5 lg:grid-cols-2",children:[a("article",{className:"editorial-panel space-y-4",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Typical Builder loop"}),e("ol",{className:"list-inside list-decimal space-y-3 text-muted-foreground text-sm leading-7",children:d.map((t)=>e("li",{children:t},t))})]}),a("article",{className:"editorial-panel space-y-4",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"What Builder should not become"}),a("ul",{className:"editorial-list",children:[a("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a competitor to specialized coding agents such as Codex or Claude Code."})]}),a("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a managed-only product that traps teams away from OSS-local runtime paths."})]}),a("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a hidden routing layer that obscures provider provenance, receipts, or runtime mode."})]}),a("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:"Not a desktop-only surface. Mobile review parity is part of the control-plane contract."})]})]})]})]}),a("section",{className:"editorial-panel space-y-5",children:[a("div",{className:"space-y-2",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Workspace config carries the current Builder defaults"}),e("p",{className:"text-muted-foreground text-sm leading-7",children:"Builder setup is no longer just an app-shell concern. The shared workspace config now carries runtime mode, bootstrap preset, control plane API defaults, and local runtime registration metadata so the CLI, editors, and web shells resolve the same posture."})]}),e(i,{language:"json",filename:".contractsrc.json",code:`{
+  "builder": {
+    "enabled": true,
+    "runtimeMode": "local",
+    "bootstrapPreset": "local_daemon_mvp",
+    "api": {
+      "baseUrl": "https://api.contractspec.io",
+      "controlPlaneTokenEnvVar": "CONTROL_PLANE_API_TOKEN"
+    },
+    "localRuntime": {
+      "runtimeId": "rt_local_daemon",
+      "grantedTo": "local:operator",
+      "providerIds": ["provider.codex", "provider.local.model"]
+    }
+  }
+}`})]}),a("section",{className:"editorial-panel space-y-4",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Operator posture stays visible"}),e("ul",{className:"editorial-list",children:m.map((t)=>a("li",{children:[e("span",{className:"editorial-list-marker"}),e("span",{children:t})]},t))})]}),a("section",{className:"editorial-panel space-y-5",children:[a("div",{className:"space-y-2",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Use the workbench UI as the host surface"}),e("p",{className:"text-muted-foreground text-sm leading-7",children:"The reusable module already exposes the desktop workbench shell. Your host app keeps control of action wiring, runtime mode selection, and approval flows."})]}),e(i,{language:"tsx",filename:"BuilderWorkbenchHost.tsx",code:`import { BuilderWorkbench, useBuilderWorkbenchState } from "@contractspec/module.builder-workbench";
 const state = useBuilderWorkbenchState({
   workspace: initialSnapshot.workspace,
@@ -31,4 +46,4 @@ const state = useBuilderWorkbenchState({
   onRunReadiness={runReadiness}
   onExecuteExport={executeExport}
   selectedExportRuntimeMode="hybrid"
-/>;`})]}),t("section",{className:"editorial-panel space-y-4",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Read this with the Studio bridge in mind"}),e("p",{className:"text-muted-foreground text-sm leading-7",children:"Builder is where the OSS foundation meets the richer operating layer. Use the Studio overview when you want the higher-level product posture and team workflows on top of these contracts."}),t("div",{className:"flex flex-wrap gap-3",children:[e(r,{href:"/docs/studio",className:"btn-primary",children:"Studio overview"}),e(r,{href:"/docs/architecture/control-plane",className:"btn-ghost",children:"Control-plane runtime"})]})]})]})}export{c as SpecsBuilderControlPlanePage};
+/>;`})]}),a("section",{className:"editorial-panel space-y-4",children:[e("h2",{className:"font-serif text-3xl tracking-[-0.03em]",children:"Read this with the Studio bridge in mind"}),e("p",{className:"text-muted-foreground text-sm leading-7",children:"Builder is where the OSS foundation meets the richer operating layer. Use the Studio overview when you want the higher-level product posture and team workflows on top of these contracts."}),a("div",{className:"flex flex-wrap gap-3",children:[e(n,{href:"/docs/studio",className:"btn-primary",children:"Studio overview"}),e(n,{href:"/docs/architecture/control-plane",className:"btn-ghost",children:"Control-plane runtime"})]})]})]})}export{w as SpecsBuilderControlPlanePage};

package/dist/components/docs/specs/SpecsCapabilitiesPage.js CHANGED Viewed

@@ -1,5 +1,5 @@
 // @bun
-import z from"@contractspec/lib.ui-link";import{ChevronRight as A}from"lucide-react";import{jsx as q,jsxs as y}from"react/jsx-runtime";function E(){return y("div",{className:"space-y-8",children:[y("div",{className:"space-y-2",children:[q("h1",{className:"font-bold text-4xl",children:"Capabilities"}),q("p",{className:"text-lg text-muted-foreground",children:"Capabilities are the core building block of ContractSpec. They define what your app can do."})]}),y("div",{className:"space-y-6",children:[y("div",{className:"space-y-3",children:[q("h2",{className:"font-bold text-2xl",children:"Overview"}),q("p",{className:"text-muted-foreground",children:"A ContractSpec (or Capability) is a typed, declarative description of an operation. It defines the operation's name, version, inputs, outputs, policies, and side effects. Runtime adapters automatically serve these as REST/GraphQL/MCP endpoints with full validation and policy enforcement."})]}),y("div",{className:"space-y-3",children:[q("h2",{className:"font-bold text-2xl",children:"Defining a Command (Write)"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`import { defineCommand } from '@contractspec/lib.contracts-spec';
+var D=Object.defineProperty;var E=(z)=>z;function F(z,A){this[z]=E.bind(null,A)}var I=(z,A)=>{for(var B in A)D(z,B,{get:A[B],enumerable:!0,configurable:!0,set:F.bind(A,B)})};var J=(z,A)=>()=>(z&&(A=z(z=0)),A);import G from"@contractspec/lib.ui-link";import{ChevronRight as H}from"lucide-react";import{jsx as q,jsxs as y}from"react/jsx-runtime";function O(){return y("div",{className:"space-y-8",children:[y("div",{className:"space-y-2",children:[q("h1",{className:"font-bold text-4xl",children:"Capabilities"}),q("p",{className:"text-lg text-muted-foreground",children:"Capabilities are the core building block of ContractSpec. They define what your app can do."})]}),y("div",{className:"space-y-6",children:[y("div",{className:"space-y-3",children:[q("h2",{className:"font-bold text-2xl",children:"Overview"}),q("p",{className:"text-muted-foreground",children:"A ContractSpec (or Capability) is a typed, declarative description of an operation. It defines the operation's name, version, inputs, outputs, policies, and side effects. Runtime adapters automatically serve these as REST/GraphQL/MCP endpoints with full validation and policy enforcement."})]}),y("div",{className:"space-y-3",children:[q("h2",{className:"font-bold text-2xl",children:"Defining a Command (Write)"}),q("div",{className:"overflow-x-auto rounded-lg border border-border bg-background/50 p-4 font-mono text-muted-foreground text-sm",children:q("pre",{children:`import { defineCommand } from '@contractspec/lib.contracts-spec';
 import { SchemaModel, ScalarTypeEnum } from '@contractspec/lib.schema';
 const TransferFundsInput = new SchemaModel({
@@ -37,4 +37,4 @@ export const TransferFunds = defineCommand({
     auth: 'user',
     flags: ['payments_enabled'],
   },
-});`})})]}),y("div",{className:"space-y-3",children:[q("h2",{className:"font-bold text-2xl",children:"Schema Types"}),y("p",{className:"text-muted-foreground",children:["ContractSpec uses ",q("code",{children:"@contractspec/lib.schema"})," for I/O definitions. This provides Zod validation, GraphQL types, and JSON Schema from a single source."]}),y("ul",{className:"space-y-2 text-muted-foreground",children:[y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.NonEmptyString()"})," ","- Non-empty text"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.PositiveNumber()"})," ","- Positive numbers"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.DateTime()"})," ","- ISO 8601 timestamps"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.Email()"})," ","- Valid email addresses"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"defineEnum(...)"})," ","- Type-safe enums"]})]})]}),q("div",{className:"flex items-center gap-4 pt-4",children:y(z,{href:"/docs/specs/dataviews",className:"btn-primary",children:["Next: DataViews ",q(A,{size:16})]})})]})]})}export{E as SpecsCapabilitiesPage};
+});`})})]}),y("div",{className:"space-y-3",children:[q("h2",{className:"font-bold text-2xl",children:"Schema Types"}),y("p",{className:"text-muted-foreground",children:["ContractSpec uses ",q("code",{children:"@contractspec/lib.schema"})," for I/O definitions. This provides Zod validation, GraphQL types, and JSON Schema from a single source."]}),y("ul",{className:"space-y-2 text-muted-foreground",children:[y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.NonEmptyString()"})," ","- Non-empty text"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.PositiveNumber()"})," ","- Positive numbers"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.DateTime()"})," ","- ISO 8601 timestamps"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"ScalarTypeEnum.Email()"})," ","- Valid email addresses"]}),y("li",{children:["\u2022"," ",q("code",{className:"rounded bg-background/50 px-2 py-1",children:"defineEnum(...)"})," ","- Type-safe enums"]})]})]}),q("div",{className:"flex items-center gap-4 pt-4",children:y(G,{href:"/docs/specs/dataviews",className:"btn-primary",children:["Next: DataViews ",q(H,{size:16})]})})]})]})}export{O as SpecsCapabilitiesPage};