@contractspec/example.policy-safe-knowledge-assistant 1.57.0 → 1.58.0

package/dist/handlers/policy-safe-knowledge-assistant.handlers.js

@@ -1,264 +1,335 @@
-import { buildPolicySafeAnswer } from "../orchestrator/buildAnswer.js";
-import { web } from "@contractspec/lib.runtime-sandbox";
+// @bun
+// src/orchestrator/buildAnswer.ts
+import {
+  enforceAllowedScope,
+  enforceCitations,
+  validateEnvelope
+} from "@contractspec/example.locale-jurisdiction-gate/policy/guard";
+async function buildPolicySafeAnswer(input) {
+  const env = validateEnvelope(input.envelope);
+  if (!env.ok) {
+    return {
+      locale: input.envelope.locale ?? "en-GB",
+      jurisdiction: input.envelope.regulatoryContext?.jurisdiction ?? "UNKNOWN",
+      allowedScope: input.envelope.allowedScope ?? "education_only",
+      sections: [{ heading: "Request blocked", body: env.error.message }],
+      citations: [],
+      disclaimers: ["This system refuses to answer without a valid envelope."],
+      riskFlags: [env.error.code],
+      refused: true,
+      refusalReason: env.error.code
+    };
+  }
+  const results = await input.kbSearch({
+    snapshotId: env.value.kbSnapshotId,
+    jurisdiction: env.value.regulatoryContext?.jurisdiction ?? "UNKNOWN",
+    query: input.question
+  });
+  const citations = results.items.map((item) => ({
+    kbSnapshotId: env.value.kbSnapshotId,
+    sourceType: "ruleVersion",
+    sourceId: item.ruleVersionId,
+    title: "Curated rule version",
+    excerpt: item.excerpt
+  }));
+  const draft = {
+    locale: env.value.locale,
+    jurisdiction: env.value.regulatoryContext?.jurisdiction ?? "UNKNOWN",
+    allowedScope: env.value.allowedScope,
+    sections: [
+      {
+        heading: "Answer (KB-derived)",
+        body: results.items.length > 0 ? `This answer is derived from ${results.items.length} curated rule version(s) in the referenced snapshot.` : "No curated knowledge found in the referenced snapshot."
+      }
+    ],
+    citations,
+    disclaimers: ["Educational demo only."],
+    riskFlags: []
+  };
+  const scope = enforceAllowedScope(env.value.allowedScope, draft);
+  if (!scope.ok) {
+    return {
+      ...draft,
+      sections: [{ heading: "Escalation required", body: scope.error.message }],
+      refused: true,
+      refusalReason: scope.error.code,
+      riskFlags: [...draft.riskFlags ?? [], scope.error.code]
+    };
+  }
+  const cited = enforceCitations(draft);
+  if (!cited.ok) {
+    return {
+      ...draft,
+      sections: [{ heading: "Request blocked", body: cited.error.message }],
+      citations: [],
+      refused: true,
+      refusalReason: cited.error.code,
+      riskFlags: [...draft.riskFlags ?? [], cited.error.code]
+    };
+  }
+  return draft;
+}
 
-//#region src/handlers/policy-safe-knowledge-assistant.handlers.ts
-const { generateId } = web;
+// src/handlers/policy-safe-knowledge-assistant.handlers.ts
+import { web } from "@contractspec/lib.runtime-sandbox";
+var { generateId } = web;
 function parseJsonArray(value) {
-	if (!value) return [];
-	try {
-		const parsed = JSON.parse(value);
-		return Array.isArray(parsed) ? parsed.filter((v) => typeof v === "string") : [];
-	} catch {
-		return [];
-	}
+  if (!value)
+    return [];
+  try {
+    const parsed = JSON.parse(value);
+    return Array.isArray(parsed) ? parsed.filter((v) => typeof v === "string") : [];
+  } catch {
+    return [];
+  }
 }
 function nowIso() {
-	return (/* @__PURE__ */ new Date()).toISOString();
+  return new Date().toISOString();
 }
 function createPolicySafeKnowledgeAssistantHandlers(db) {
-	async function getUserContext(input) {
-		const row = (await db.query(`SELECT * FROM psa_user_context WHERE "projectId" = $1 LIMIT 1`, [input.projectId])).rows[0];
-		if (!row) return {
-			projectId: input.projectId,
-			locale: "en-GB",
-			jurisdiction: "EU",
-			allowedScope: "education_only",
-			kbSnapshotId: null
-		};
-		return {
-			projectId: row.projectId,
-			locale: row.locale,
-			jurisdiction: row.jurisdiction,
-			allowedScope: row.allowedScope,
-			kbSnapshotId: row.kbSnapshotId
-		};
-	}
-	async function setUserContext(input) {
-		if ((await db.query(`SELECT "projectId" FROM psa_user_context WHERE "projectId" = $1 LIMIT 1`, [input.projectId])).rows.length) await db.execute(`UPDATE psa_user_context SET locale = $1, jurisdiction = $2, "allowedScope" = $3 WHERE "projectId" = $4`, [
-			input.locale,
-			input.jurisdiction,
-			input.allowedScope,
-			input.projectId
-		]);
-		else await db.execute(`INSERT INTO psa_user_context ("projectId", locale, jurisdiction, "allowedScope", "kbSnapshotId") VALUES ($1, $2, $3, $4, $5)`, [
-			input.projectId,
-			input.locale,
-			input.jurisdiction,
-			input.allowedScope,
-			null
-		]);
-		return await getUserContext({ projectId: input.projectId });
-	}
-	async function createRule(input) {
-		const id = generateId("psa_rule");
-		await db.execute(`INSERT INTO psa_rule (id, "projectId", jurisdiction, "topicKey") VALUES ($1, $2, $3, $4)`, [
-			id,
-			input.projectId,
-			input.jurisdiction,
-			input.topicKey
-		]);
-		return {
-			id,
-			...input
-		};
-	}
-	async function upsertRuleVersion(input) {
-		if (!input.sourceRefs.length) throw new Error("SOURCE_REFS_REQUIRED");
-		const rule = (await db.query(`SELECT * FROM psa_rule WHERE id = $1 LIMIT 1`, [input.ruleId])).rows[0];
-		if (!rule) throw new Error("RULE_NOT_FOUND");
-		const maxResult = await db.query(`SELECT MAX(version) as maxVersion FROM psa_rule_version WHERE "ruleId" = $1`, [input.ruleId]);
-		const version = Number(maxResult.rows[0]?.maxVersion ?? 0) + 1;
-		const id = generateId("psa_rv");
-		const createdAt = nowIso();
-		await db.execute(`INSERT INTO psa_rule_version (id, "ruleId", jurisdiction, "topicKey", version, content, status, "sourceRefsJson", "approvedBy", "approvedAt", "createdAt")
+  async function getUserContext(input) {
+    const result = await db.query(`SELECT * FROM psa_user_context WHERE "projectId" = $1 LIMIT 1`, [input.projectId]);
+    const row = result.rows[0];
+    if (!row) {
+      return {
+        projectId: input.projectId,
+        locale: "en-GB",
+        jurisdiction: "EU",
+        allowedScope: "education_only",
+        kbSnapshotId: null
+      };
+    }
+    return {
+      projectId: row.projectId,
+      locale: row.locale,
+      jurisdiction: row.jurisdiction,
+      allowedScope: row.allowedScope,
+      kbSnapshotId: row.kbSnapshotId
+    };
+  }
+  async function setUserContext(input) {
+    const existing = await db.query(`SELECT "projectId" FROM psa_user_context WHERE "projectId" = $1 LIMIT 1`, [input.projectId]);
+    if (existing.rows.length) {
+      await db.execute(`UPDATE psa_user_context SET locale = $1, jurisdiction = $2, "allowedScope" = $3 WHERE "projectId" = $4`, [input.locale, input.jurisdiction, input.allowedScope, input.projectId]);
+    } else {
+      await db.execute(`INSERT INTO psa_user_context ("projectId", locale, jurisdiction, "allowedScope", "kbSnapshotId") VALUES ($1, $2, $3, $4, $5)`, [
+        input.projectId,
+        input.locale,
+        input.jurisdiction,
+        input.allowedScope,
+        null
+      ]);
+    }
+    return await getUserContext({ projectId: input.projectId });
+  }
+  async function createRule(input) {
+    const id = generateId("psa_rule");
+    await db.execute(`INSERT INTO psa_rule (id, "projectId", jurisdiction, "topicKey") VALUES ($1, $2, $3, $4)`, [id, input.projectId, input.jurisdiction, input.topicKey]);
+    return { id, ...input };
+  }
+  async function upsertRuleVersion(input) {
+    if (!input.sourceRefs.length)
+      throw new Error("SOURCE_REFS_REQUIRED");
+    const rulesResult = await db.query(`SELECT * FROM psa_rule WHERE id = $1 LIMIT 1`, [input.ruleId]);
+    const rule = rulesResult.rows[0];
+    if (!rule)
+      throw new Error("RULE_NOT_FOUND");
+    const maxResult = await db.query(`SELECT MAX(version) as maxVersion FROM psa_rule_version WHERE "ruleId" = $1`, [input.ruleId]);
+    const maxVersion = Number(maxResult.rows[0]?.maxVersion ?? 0);
+    const version = maxVersion + 1;
+    const id = generateId("psa_rv");
+    const createdAt = nowIso();
+    await db.execute(`INSERT INTO psa_rule_version (id, "ruleId", jurisdiction, "topicKey", version, content, status, "sourceRefsJson", "approvedBy", "approvedAt", "createdAt")
        VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)`, [
-			id,
-			input.ruleId,
-			rule.jurisdiction,
-			rule.topicKey,
-			version,
-			input.content,
-			"draft",
-			JSON.stringify(input.sourceRefs),
-			null,
-			null,
-			createdAt
-		]);
-		return {
-			id,
-			ruleId: input.ruleId,
-			jurisdiction: rule.jurisdiction,
-			topicKey: rule.topicKey,
-			version,
-			content: input.content,
-			status: "draft",
-			sourceRefs: input.sourceRefs,
-			createdAt: new Date(createdAt)
-		};
-	}
-	async function approveRuleVersion(input) {
-		const approvedAt = nowIso();
-		await db.execute(`UPDATE psa_rule_version SET status = $1, "approvedBy" = $2, "approvedAt" = $3 WHERE id = $4`, [
-			"approved",
-			input.approver,
-			approvedAt,
-			input.ruleVersionId
-		]);
-		return {
-			ruleVersionId: input.ruleVersionId,
-			status: "approved"
-		};
-	}
-	async function publishSnapshot(input) {
-		const includedIds = (await db.query(`SELECT id FROM psa_rule_version WHERE jurisdiction = $1 AND status = 'approved' ORDER BY id ASC`, [input.jurisdiction])).rows.map((r) => r.id).filter(Boolean);
-		if (!includedIds.length) throw new Error("NO_APPROVED_RULES");
-		const id = generateId("psa_snap");
-		const publishedAt = nowIso();
-		await db.execute(`INSERT INTO psa_snapshot (id, jurisdiction, "asOfDate", "includedRuleVersionIdsJson", "publishedAt")
+      id,
+      input.ruleId,
+      rule.jurisdiction,
+      rule.topicKey,
+      version,
+      input.content,
+      "draft",
+      JSON.stringify(input.sourceRefs),
+      null,
+      null,
+      createdAt
+    ]);
+    return {
+      id,
+      ruleId: input.ruleId,
+      jurisdiction: rule.jurisdiction,
+      topicKey: rule.topicKey,
+      version,
+      content: input.content,
+      status: "draft",
+      sourceRefs: input.sourceRefs,
+      createdAt: new Date(createdAt)
+    };
+  }
+  async function approveRuleVersion(input) {
+    const approvedAt = nowIso();
+    await db.execute(`UPDATE psa_rule_version SET status = $1, "approvedBy" = $2, "approvedAt" = $3 WHERE id = $4`, ["approved", input.approver, approvedAt, input.ruleVersionId]);
+    return { ruleVersionId: input.ruleVersionId, status: "approved" };
+  }
+  async function publishSnapshot(input) {
+    const approvedResult = await db.query(`SELECT id FROM psa_rule_version WHERE jurisdiction = $1 AND status = 'approved' ORDER BY id ASC`, [input.jurisdiction]);
+    const includedIds = approvedResult.rows.map((r) => r.id).filter(Boolean);
+    if (!includedIds.length)
+      throw new Error("NO_APPROVED_RULES");
+    const id = generateId("psa_snap");
+    const publishedAt = nowIso();
+    await db.execute(`INSERT INTO psa_snapshot (id, jurisdiction, "asOfDate", "includedRuleVersionIdsJson", "publishedAt")
        VALUES ($1, $2, $3, $4, $5)`, [
-			id,
-			input.jurisdiction,
-			input.asOfDate.toISOString(),
-			JSON.stringify(includedIds),
-			publishedAt
-		]);
-		await db.execute(`UPDATE psa_user_context SET "kbSnapshotId" = $1 WHERE "projectId" = $2`, [id, input.projectId]);
-		return {
-			id,
-			jurisdiction: input.jurisdiction,
-			includedRuleVersionIds: includedIds
-		};
-	}
-	async function searchKb(input) {
-		const snap = (await db.query(`SELECT * FROM psa_snapshot WHERE id = $1 LIMIT 1`, [input.snapshotId])).rows[0];
-		if (!snap) throw new Error("SNAPSHOT_NOT_FOUND");
-		if (snap.jurisdiction !== input.jurisdiction) throw new Error("JURISDICTION_MISMATCH");
-		const includedIds = parseJsonArray(snap.includedRuleVersionIdsJson);
-		const tokens = input.query.toLowerCase().split(/\s+/).map((t) => t.trim()).filter(Boolean);
-		const items = [];
-		for (const id of includedIds) {
-			const rv = (await db.query(`SELECT * FROM psa_rule_version WHERE id = $1 LIMIT 1`, [id])).rows[0];
-			if (!rv) continue;
-			const hay = rv.content.toLowerCase();
-			if (!(tokens.length ? tokens.every((t) => hay.includes(t)) : true)) continue;
-			items.push({
-				ruleVersionId: rv.id,
-				excerpt: rv.content.slice(0, 140)
-			});
-		}
-		return { items };
-	}
-	async function answer(input) {
-		const ctx = await getUserContext({ projectId: input.projectId });
-		if (!ctx.kbSnapshotId) return await buildPolicySafeAnswer({
-			envelope: {
-				traceId: generateId("trace"),
-				locale: ctx.locale,
-				kbSnapshotId: "",
-				allowedScope: ctx.allowedScope,
-				regulatoryContext: { jurisdiction: ctx.jurisdiction }
-			},
-			question: input.question,
-			kbSearch: async () => ({ items: [] })
-		});
-		return await buildPolicySafeAnswer({
-			envelope: {
-				traceId: generateId("trace"),
-				locale: ctx.locale,
-				kbSnapshotId: ctx.kbSnapshotId,
-				allowedScope: ctx.allowedScope,
-				regulatoryContext: { jurisdiction: ctx.jurisdiction }
-			},
-			question: input.question,
-			kbSearch: async (q) => await searchKb(q)
-		});
-	}
-	async function createChangeCandidate(input) {
-		const id = generateId("psa_change");
-		await db.execute(`INSERT INTO psa_change_candidate (id, "projectId", jurisdiction, "detectedAt", "diffSummary", "riskLevel", "proposedRuleVersionIdsJson")
+      id,
+      input.jurisdiction,
+      input.asOfDate.toISOString(),
+      JSON.stringify(includedIds),
+      publishedAt
+    ]);
+    await db.execute(`UPDATE psa_user_context SET "kbSnapshotId" = $1 WHERE "projectId" = $2`, [id, input.projectId]);
+    return {
+      id,
+      jurisdiction: input.jurisdiction,
+      includedRuleVersionIds: includedIds
+    };
+  }
+  async function searchKb(input) {
+    const snapResult = await db.query(`SELECT * FROM psa_snapshot WHERE id = $1 LIMIT 1`, [input.snapshotId]);
+    const snap = snapResult.rows[0];
+    if (!snap)
+      throw new Error("SNAPSHOT_NOT_FOUND");
+    if (snap.jurisdiction !== input.jurisdiction)
+      throw new Error("JURISDICTION_MISMATCH");
+    const includedIds = parseJsonArray(snap.includedRuleVersionIdsJson);
+    const tokens = input.query.toLowerCase().split(/\s+/).map((t) => t.trim()).filter(Boolean);
+    const items = [];
+    for (const id of includedIds) {
+      const rvResult = await db.query(`SELECT * FROM psa_rule_version WHERE id = $1 LIMIT 1`, [id]);
+      const rv = rvResult.rows[0];
+      if (!rv)
+        continue;
+      const hay = rv.content.toLowerCase();
+      const match = tokens.length ? tokens.every((t) => hay.includes(t)) : true;
+      if (!match)
+        continue;
+      items.push({ ruleVersionId: rv.id, excerpt: rv.content.slice(0, 140) });
+    }
+    return { items };
+  }
+  async function answer(input) {
+    const ctx = await getUserContext({ projectId: input.projectId });
+    if (!ctx.kbSnapshotId) {
+      const refused = await buildPolicySafeAnswer({
+        envelope: {
+          traceId: generateId("trace"),
+          locale: ctx.locale,
+          kbSnapshotId: "",
+          allowedScope: ctx.allowedScope,
+          regulatoryContext: { jurisdiction: ctx.jurisdiction }
+        },
+        question: input.question,
+        kbSearch: async () => ({ items: [] })
+      });
+      return refused;
+    }
+    return await buildPolicySafeAnswer({
+      envelope: {
+        traceId: generateId("trace"),
+        locale: ctx.locale,
+        kbSnapshotId: ctx.kbSnapshotId,
+        allowedScope: ctx.allowedScope,
+        regulatoryContext: { jurisdiction: ctx.jurisdiction }
+      },
+      question: input.question,
+      kbSearch: async (q) => await searchKb(q)
+    });
+  }
+  async function createChangeCandidate(input) {
+    const id = generateId("psa_change");
+    await db.execute(`INSERT INTO psa_change_candidate (id, "projectId", jurisdiction, "detectedAt", "diffSummary", "riskLevel", "proposedRuleVersionIdsJson")
        VALUES ($1, $2, $3, $4, $5, $6, $7)`, [
-			id,
-			input.projectId,
-			input.jurisdiction,
-			nowIso(),
-			input.diffSummary,
-			input.riskLevel,
-			JSON.stringify(input.proposedRuleVersionIds)
-		]);
-		return { id };
-	}
-	async function createReviewTask(input) {
-		const candidate = (await db.query(`SELECT * FROM psa_change_candidate WHERE id = $1 LIMIT 1`, [input.changeCandidateId])).rows[0];
-		if (!candidate) throw new Error("CHANGE_CANDIDATE_NOT_FOUND");
-		const assignedRole = candidate.riskLevel === "high" ? "expert" : "curator";
-		const id = generateId("psa_review");
-		await db.execute(`INSERT INTO psa_review_task (id, "changeCandidateId", status, "assignedRole", decision, "decidedAt", "decidedBy")
-       VALUES ($1, $2, $3, $4, $5, $6, $7)`, [
-			id,
-			input.changeCandidateId,
-			"open",
-			assignedRole,
-			null,
-			null,
-			null
-		]);
-		return {
-			id,
-			assignedRole
-		};
-	}
-	async function submitDecision(input) {
-		const task = (await db.query(`SELECT * FROM psa_review_task WHERE id = $1 LIMIT 1`, [input.reviewTaskId])).rows[0];
-		if (!task) throw new Error("REVIEW_TASK_NOT_FOUND");
-		const candidate = (await db.query(`SELECT * FROM psa_change_candidate WHERE id = $1 LIMIT 1`, [task.changeCandidateId])).rows[0];
-		if (!candidate) throw new Error("CHANGE_CANDIDATE_NOT_FOUND");
-		if (candidate.riskLevel === "high" && input.decision === "approve" && input.decidedByRole !== "expert") throw new Error("FORBIDDEN_ROLE");
-		const decidedAt = nowIso();
-		await db.execute(`UPDATE psa_review_task SET status = $1, decision = $2, "decidedAt" = $3, "decidedBy" = $4 WHERE id = $5`, [
-			"decided",
-			input.decision,
-			decidedAt,
-			input.decidedBy,
-			input.reviewTaskId
-		]);
-		return {
-			id: input.reviewTaskId,
-			status: "decided"
-		};
-	}
-	async function publishIfReady(input) {
-		const openResult = await db.query(`SELECT COUNT(*) as count FROM psa_review_task WHERE status != 'decided'`, []);
-		if (Number(openResult.rows[0]?.count ?? 0) > 0) throw new Error("NOT_READY");
-		const decidedResult = await db.query(`SELECT * FROM psa_review_task`, []);
-		for (const row of decidedResult.rows) {
-			if (row.decision !== "approve") continue;
-			const cand = (await db.query(`SELECT * FROM psa_change_candidate WHERE id = $1 LIMIT 1`, [row.changeCandidateId])).rows[0];
-			if (!cand) continue;
-			if (cand.jurisdiction !== input.jurisdiction) continue;
-			const proposedIds = parseJsonArray(cand.proposedRuleVersionIdsJson);
-			for (const rvId of proposedIds) {
-				const rvQueryResult = await db.query(`SELECT status FROM psa_rule_version WHERE id = $1 LIMIT 1`, [rvId]);
-				if (String(rvQueryResult.rows[0]?.status ?? "") !== "approved") throw new Error("NOT_READY");
-			}
-		}
-		return { published: true };
-	}
-	return {
-		getUserContext,
-		setUserContext,
-		createRule,
-		upsertRuleVersion,
-		approveRuleVersion,
-		publishSnapshot,
-		searchKb,
-		answer,
-		createChangeCandidate,
-		createReviewTask,
-		submitDecision,
-		publishIfReady
-	};
+      id,
+      input.projectId,
+      input.jurisdiction,
+      nowIso(),
+      input.diffSummary,
+      input.riskLevel,
+      JSON.stringify(input.proposedRuleVersionIds)
+    ]);
+    return { id };
+  }
+  async function createReviewTask(input) {
+    const candResult = await db.query(`SELECT * FROM psa_change_candidate WHERE id = $1 LIMIT 1`, [input.changeCandidateId]);
+    const candidate = candResult.rows[0];
+    if (!candidate)
+      throw new Error("CHANGE_CANDIDATE_NOT_FOUND");
+    const assignedRole = candidate.riskLevel === "high" ? "expert" : "curator";
+    const id = generateId("psa_review");
+    await db.execute(`INSERT INTO psa_review_task (id, "changeCandidateId", status, "assignedRole", decision, "decidedAt", "decidedBy")
+       VALUES ($1, $2, $3, $4, $5, $6, $7)`, [id, input.changeCandidateId, "open", assignedRole, null, null, null]);
+    return { id, assignedRole };
+  }
+  async function submitDecision(input) {
+    const reviewResult = await db.query(`SELECT * FROM psa_review_task WHERE id = $1 LIMIT 1`, [input.reviewTaskId]);
+    const task = reviewResult.rows[0];
+    if (!task)
+      throw new Error("REVIEW_TASK_NOT_FOUND");
+    const candidateResult = await db.query(`SELECT * FROM psa_change_candidate WHERE id = $1 LIMIT 1`, [task.changeCandidateId]);
+    const candidate = candidateResult.rows[0];
+    if (!candidate)
+      throw new Error("CHANGE_CANDIDATE_NOT_FOUND");
+    if (candidate.riskLevel === "high" && input.decision === "approve" && input.decidedByRole !== "expert") {
+      throw new Error("FORBIDDEN_ROLE");
+    }
+    const decidedAt = nowIso();
+    await db.execute(`UPDATE psa_review_task SET status = $1, decision = $2, "decidedAt" = $3, "decidedBy" = $4 WHERE id = $5`, [
+      "decided",
+      input.decision,
+      decidedAt,
+      input.decidedBy,
+      input.reviewTaskId
+    ]);
+    return { id: input.reviewTaskId, status: "decided" };
+  }
+  async function publishIfReady(input) {
+    const openResult = await db.query(`SELECT COUNT(*) as count FROM psa_review_task WHERE status != 'decided'`, []);
+    const openCount = Number(openResult.rows[0]?.count ?? 0);
+    if (openCount > 0)
+      throw new Error("NOT_READY");
+    const decidedResult = await db.query(`SELECT * FROM psa_review_task`, []);
+    for (const row of decidedResult.rows) {
+      if (row.decision !== "approve")
+        continue;
+      const candQueryResult = await db.query(`SELECT * FROM psa_change_candidate WHERE id = $1 LIMIT 1`, [row.changeCandidateId]);
+      const cand = candQueryResult.rows[0];
+      if (!cand)
+        continue;
+      if (cand.jurisdiction !== input.jurisdiction)
+        continue;
+      const proposedIds = parseJsonArray(cand.proposedRuleVersionIdsJson);
+      for (const rvId of proposedIds) {
+        const rvQueryResult = await db.query(`SELECT status FROM psa_rule_version WHERE id = $1 LIMIT 1`, [rvId]);
+        const status = String(rvQueryResult.rows[0]?.status ?? "");
+        if (status !== "approved")
+          throw new Error("NOT_READY");
+      }
+    }
+    return { published: true };
+  }
+  return {
+    getUserContext,
+    setUserContext,
+    createRule,
+    upsertRuleVersion,
+    approveRuleVersion,
+    publishSnapshot,
+    searchKb,
+    answer,
+    createChangeCandidate,
+    createReviewTask,
+    submitDecision,
+    publishIfReady
+  };
 }
-
-//#endregion
-export { createPolicySafeKnowledgeAssistantHandlers };
-//# sourceMappingURL=policy-safe-knowledge-assistant.handlers.js.map
+export {
+  createPolicySafeKnowledgeAssistantHandlers
+};

package/dist/index.d.ts

@@ -1,8 +1,11 @@
-import example from "./example.js";
-import { PolicySafeKnowledgeAssistantFeature } from "./policy-safe-knowledge-assistant.feature.js";
-import { DEMO_FIXTURES } from "./seed/fixtures.js";
-import { AssistantAnswerIR, BuildAnswerInput, buildPolicySafeAnswer } from "./orchestrator/buildAnswer.js";
-import { PolicySafeKnowledgeAssistantDashboard } from "./ui/PolicySafeKnowledgeAssistantDashboard.js";
-import "./ui/index.js";
-import { PolicySafeKnowledgeAssistantHandlers, createPolicySafeKnowledgeAssistantHandlers } from "./handlers/policy-safe-knowledge-assistant.handlers.js";
-export { AssistantAnswerIR, BuildAnswerInput, DEMO_FIXTURES, PolicySafeKnowledgeAssistantDashboard, PolicySafeKnowledgeAssistantFeature, PolicySafeKnowledgeAssistantHandlers, buildPolicySafeAnswer, createPolicySafeKnowledgeAssistantHandlers, example };
+/**
+ * Policy-safe Knowledge Assistant (all-in-one template) — spec-first exports.
+ */
+export * from './policy-safe-knowledge-assistant.feature';
+export * from './seed';
+export * from './orchestrator/buildAnswer';
+export * from './handlers/policy-safe-knowledge-assistant.handlers';
+export * from './ui';
+export { default as example } from './example';
+import './docs';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,cAAc,2CAA2C,CAAC;AAC1D,cAAc,QAAQ,CAAC;AACvB,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qDAAqD,CAAC;AACpE,cAAc,MAAM,CAAC;AACrB,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,WAAW,CAAC;AAE/C,OAAO,QAAQ,CAAC"}