npm - @cosmicdrift/kumiko-framework - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-framework 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (388) hide show

package/README.md +159 -0
package/package.json +91 -0
package/src/__tests__/anonymous-access.integration.ts +325 -0
package/src/__tests__/error-contract.integration.ts +435 -0
package/src/__tests__/field-access.integration.ts +269 -0
package/src/__tests__/full-stack.integration.ts +914 -0
package/src/__tests__/ownership.integration.ts +449 -0
package/src/__tests__/reference-data.integration.ts +198 -0
package/src/__tests__/transition-guard.integration.ts +340 -0
package/src/api/__tests__/api.test.ts +337 -0
package/src/api/__tests__/auth-middleware-transport.test.ts +80 -0
package/src/api/__tests__/auth-routes-cookie.test.ts +179 -0
package/src/api/__tests__/batch.integration.ts +404 -0
package/src/api/__tests__/body-limit.test.ts +88 -0
package/src/api/__tests__/csrf-middleware.test.ts +97 -0
package/src/api/__tests__/dispatcher-live.integration.ts +216 -0
package/src/api/__tests__/metrics-endpoint.test.ts +126 -0
package/src/api/__tests__/nested-write.integration.ts +213 -0
package/src/api/__tests__/readiness.test.ts +76 -0
package/src/api/__tests__/request-id-middleware.test.ts +72 -0
package/src/api/__tests__/sse-broker.test.ts +58 -0
package/src/api/__tests__/sse-route.test.ts +112 -0
package/src/api/anonymous-cookie.ts +60 -0
package/src/api/api-constants.ts +64 -0
package/src/api/auth-middleware.ts +418 -0
package/src/api/auth-routes.ts +982 -0
package/src/api/csrf-middleware.ts +77 -0
package/src/api/index.ts +31 -0
package/src/api/jwt.ts +66 -0
package/src/api/observability-middleware.ts +89 -0
package/src/api/readiness.ts +132 -0
package/src/api/request-context.ts +49 -0
package/src/api/request-id-middleware.ts +50 -0
package/src/api/route-registrars.ts +195 -0
package/src/api/routes.ts +135 -0
package/src/api/server.ts +640 -0
package/src/api/sse-broker.ts +71 -0
package/src/api/sse-route.ts +62 -0
package/src/api/tokens.ts +16 -0
package/src/db/__tests__/apply-entity-event-tenant.integration.ts +159 -0
package/src/db/__tests__/compound-types.test.ts +114 -0
package/src/db/__tests__/connection-options.test.ts +68 -0
package/src/db/__tests__/cursor.test.ts +41 -0
package/src/db/__tests__/db-helpers.test.ts +369 -0
package/src/db/__tests__/dialect-instant.test.ts +50 -0
package/src/db/__tests__/drizzle-helpers.integration.ts +186 -0
package/src/db/__tests__/drizzle-table-types.test.ts +162 -0
package/src/db/__tests__/encryption.test.ts +39 -0
package/src/db/__tests__/event-store-executor-list.integration.ts +313 -0
package/src/db/__tests__/event-store-executor.integration.ts +235 -0
package/src/db/__tests__/implicit-projection-equivalence.integration.ts +304 -0
package/src/db/__tests__/located-timestamp.test.ts +184 -0
package/src/db/__tests__/money.test.ts +199 -0
package/src/db/__tests__/multi-row-insert.integration.ts +76 -0
package/src/db/__tests__/parse-auto-verb.test.ts +70 -0
package/src/db/__tests__/required-not-null-migration-safety.integration.ts +105 -0
package/src/db/__tests__/row-helpers.test.ts +59 -0
package/src/db/__tests__/schema-migration.integration.ts +273 -0
package/src/db/__tests__/table-builder-indexes.test.ts +153 -0
package/src/db/__tests__/table-builder-required.test.ts +216 -0
package/src/db/__tests__/tenant-db.integration.ts +606 -0
package/src/db/__tests__/unique-violation-mapping.integration.ts +166 -0
package/src/db/apply-entity-event.ts +188 -0
package/src/db/assert-exists-in.ts +59 -0
package/src/db/compound-types.ts +47 -0
package/src/db/connection.ts +104 -0
package/src/db/cursor.ts +83 -0
package/src/db/dialect.ts +109 -0
package/src/db/eagerload.ts +174 -0
package/src/db/encryption.ts +39 -0
package/src/db/event-store-executor.ts +906 -0
package/src/db/index.ts +55 -0
package/src/db/located-timestamp.ts +114 -0
package/src/db/money.ts +120 -0
package/src/db/pg-error.ts +46 -0
package/src/db/reference-data.ts +77 -0
package/src/db/row-helpers.ts +53 -0
package/src/db/schema-inspection.ts +25 -0
package/src/db/table-builder.ts +475 -0
package/src/db/tenant-db.ts +434 -0
package/src/engine/__tests__/auth-claims-registrar.test.ts +74 -0
package/src/engine/__tests__/boot-validator-located-timestamps.test.ts +108 -0
package/src/engine/__tests__/boot-validator.test.ts +1865 -0
package/src/engine/__tests__/build-app-schema.test.ts +154 -0
package/src/engine/__tests__/claim-keys.test.ts +274 -0
package/src/engine/__tests__/config-helpers.test.ts +236 -0
package/src/engine/__tests__/effective-features.test.ts +86 -0
package/src/engine/__tests__/engine.test.ts +1461 -0
package/src/engine/__tests__/entity-handlers.test.ts +274 -0
package/src/engine/__tests__/event-helpers.test.ts +68 -0
package/src/engine/__tests__/extends-registrar.test.ts +159 -0
package/src/engine/__tests__/factories-long-text.test.ts +84 -0
package/src/engine/__tests__/factories-time.test.ts +158 -0
package/src/engine/__tests__/field-predicates.test.ts +48 -0
package/src/engine/__tests__/hook-phases.test.ts +132 -0
package/src/engine/__tests__/identifiers.test.ts +35 -0
package/src/engine/__tests__/lifecycle-hooks.test.ts +237 -0
package/src/engine/__tests__/nav.test.ts +267 -0
package/src/engine/__tests__/ownership.test.ts +421 -0
package/src/engine/__tests__/parse-ref-target.test.ts +43 -0
package/src/engine/__tests__/projection-helpers.test.ts +62 -0
package/src/engine/__tests__/projection.test.ts +191 -0
package/src/engine/__tests__/qualified-name.test.ts +264 -0
package/src/engine/__tests__/resolve-config-or-param.test.ts +315 -0
package/src/engine/__tests__/run-in.test.ts +38 -0
package/src/engine/__tests__/schema-builder.test.ts +380 -0
package/src/engine/__tests__/screen.test.ts +408 -0
package/src/engine/__tests__/state-machine.test.ts +148 -0
package/src/engine/__tests__/system-user.test.ts +57 -0
package/src/engine/__tests__/validation-hooks.test.ts +71 -0
package/src/engine/access.ts +23 -0
package/src/engine/boot-validator.ts +1528 -0
package/src/engine/build-app-schema.ts +125 -0
package/src/engine/config-helpers.ts +115 -0
package/src/engine/constants.ts +85 -0
package/src/engine/create-app.ts +98 -0
package/src/engine/define-feature.ts +702 -0
package/src/engine/define-handler.ts +78 -0
package/src/engine/define-roles.ts +19 -0
package/src/engine/effective-features.ts +87 -0
package/src/engine/entity-handlers.ts +364 -0
package/src/engine/event-helpers.ts +73 -0
package/src/engine/factories.ts +328 -0
package/src/engine/feature-ast/__tests__/canonical-form.test.ts +416 -0
package/src/engine/feature-ast/__tests__/parse-happy-path.test.ts +197 -0
package/src/engine/feature-ast/__tests__/parse-real-features.test.ts +128 -0
package/src/engine/feature-ast/__tests__/parse.test.ts +888 -0
package/src/engine/feature-ast/__tests__/patch.test.ts +360 -0
package/src/engine/feature-ast/__tests__/patcher.test.ts +469 -0
package/src/engine/feature-ast/__tests__/render-roundtrip.test.ts +287 -0
package/src/engine/feature-ast/extractors.ts +2562 -0
package/src/engine/feature-ast/index.ts +105 -0
package/src/engine/feature-ast/parse.ts +369 -0
package/src/engine/feature-ast/patch.ts +525 -0
package/src/engine/feature-ast/patcher.ts +518 -0
package/src/engine/feature-ast/patterns.ts +434 -0
package/src/engine/feature-ast/render.ts +602 -0
package/src/engine/feature-ast/source-location.ts +45 -0
package/src/engine/field-access.ts +120 -0
package/src/engine/index.ts +254 -0
package/src/engine/ownership.ts +337 -0
package/src/engine/parse-ref-target.ts +22 -0
package/src/engine/pattern-library/__tests__/library.test.ts +351 -0
package/src/engine/pattern-library/index.ts +24 -0
package/src/engine/pattern-library/library.ts +1117 -0
package/src/engine/pattern-library/types.ts +255 -0
package/src/engine/projection-helpers.ts +85 -0
package/src/engine/qualified-name.ts +122 -0
package/src/engine/read-claim.ts +31 -0
package/src/engine/registry.ts +1325 -0
package/src/engine/resolve-config-or-param.ts +153 -0
package/src/engine/run-in.ts +29 -0
package/src/engine/schema-builder.ts +175 -0
package/src/engine/screen-filter-ops.ts +51 -0
package/src/engine/state-machine.ts +70 -0
package/src/engine/system-user.ts +32 -0
package/src/engine/types/config.ts +306 -0
package/src/engine/types/event-type-map.ts +37 -0
package/src/engine/types/feature.ts +574 -0
package/src/engine/types/fields.ts +422 -0
package/src/engine/types/handlers.ts +742 -0
package/src/engine/types/hooks.ts +142 -0
package/src/engine/types/http-route.ts +54 -0
package/src/engine/types/identifiers.ts +47 -0
package/src/engine/types/index.ts +208 -0
package/src/engine/types/nav.ts +46 -0
package/src/engine/types/projection.ts +132 -0
package/src/engine/types/relations.ts +51 -0
package/src/engine/types/screen.ts +452 -0
package/src/engine/types/workspace.ts +42 -0
package/src/engine/validation.ts +33 -0
package/src/entrypoint/__tests__/entrypoint-job-wiring.integration.ts +173 -0
package/src/entrypoint/__tests__/split-deploy.integration.ts +297 -0
package/src/entrypoint/index.ts +442 -0
package/src/errors/__tests__/classes.test.ts +371 -0
package/src/errors/__tests__/write-failures.test.ts +109 -0
package/src/errors/classes.ts +249 -0
package/src/errors/i18n/de.yaml +83 -0
package/src/errors/i18n/en.yaml +80 -0
package/src/errors/index.ts +41 -0
package/src/errors/kumiko-error.ts +67 -0
package/src/errors/reasons.ts +36 -0
package/src/errors/serialize.ts +136 -0
package/src/errors/transition-details.ts +30 -0
package/src/errors/write-error-info.ts +123 -0
package/src/errors/zod-bridge.ts +49 -0
package/src/event-store/__tests__/admin-api.integration.ts +361 -0
package/src/event-store/__tests__/event-store.integration.ts +584 -0
package/src/event-store/__tests__/get-stream-version-perf.integration.ts +83 -0
package/src/event-store/__tests__/perf.integration.ts +255 -0
package/src/event-store/__tests__/snapshot.integration.ts +267 -0
package/src/event-store/__tests__/upcaster-dead-letter.integration.ts +204 -0
package/src/event-store/__tests__/upcaster.integration.ts +460 -0
package/src/event-store/admin-api.ts +257 -0
package/src/event-store/archive.ts +106 -0
package/src/event-store/errors.ts +35 -0
package/src/event-store/event-store.ts +405 -0
package/src/event-store/events-schema.ts +90 -0
package/src/event-store/index.ts +50 -0
package/src/event-store/snapshot.ts +210 -0
package/src/event-store/upcaster-dead-letter.ts +119 -0
package/src/event-store/upcaster.ts +147 -0
package/src/files/__tests__/content-disposition.test.ts +123 -0
package/src/files/__tests__/file-field-column.integration.ts +103 -0
package/src/files/__tests__/file-field-pipeline.integration.ts +211 -0
package/src/files/__tests__/file-handle.test.ts +122 -0
package/src/files/__tests__/files.integration.ts +830 -0
package/src/files/__tests__/storage-tracking.integration.ts +153 -0
package/src/files/content-disposition.ts +55 -0
package/src/files/file-handle.ts +63 -0
package/src/files/file-ref-table.ts +22 -0
package/src/files/file-routes.ts +353 -0
package/src/files/in-memory-provider.ts +62 -0
package/src/files/index.ts +29 -0
package/src/files/local-provider.ts +35 -0
package/src/files/storage-tracking.ts +60 -0
package/src/files/types.ts +118 -0
package/src/i18n/__tests__/i18n.test.ts +72 -0
package/src/i18n/index.ts +29 -0
package/src/jobs/__tests__/job-event-trigger.integration.ts +172 -0
package/src/jobs/__tests__/job-multi-trigger.integration.ts +144 -0
package/src/jobs/__tests__/jobs.integration.ts +566 -0
package/src/jobs/index.ts +2 -0
package/src/jobs/job-runner.ts +574 -0
package/src/lifecycle/__tests__/create-test-lifecycle.ts +19 -0
package/src/lifecycle/__tests__/lifecycle-server.integration.ts +108 -0
package/src/lifecycle/__tests__/lifecycle.test.ts +212 -0
package/src/lifecycle/__tests__/signal-handlers.test.ts +106 -0
package/src/lifecycle/index.ts +13 -0
package/src/lifecycle/lifecycle.ts +160 -0
package/src/lifecycle/signal-handlers.ts +62 -0
package/src/logging/__tests__/pino-trace-bridge.test.ts +50 -0
package/src/logging/index.ts +3 -0
package/src/logging/pino-logger.ts +64 -0
package/src/logging/types.ts +7 -0
package/src/migrations/__tests__/compare-snapshots.test.ts +150 -0
package/src/migrations/__tests__/detect-drift.integration.ts +320 -0
package/src/migrations/__tests__/detect-projections-to-rebuild.integration.ts +134 -0
package/src/migrations/__tests__/rebuild-marker.test.ts +79 -0
package/src/migrations/index.ts +28 -0
package/src/migrations/projection-detection.ts +149 -0
package/src/migrations/rebuild-marker.ts +64 -0
package/src/migrations/schema-drift.ts +395 -0
package/src/observability/__tests__/console-provider.test.ts +67 -0
package/src/observability/__tests__/metric-validator.test.ts +87 -0
package/src/observability/__tests__/noop-provider.test.ts +82 -0
package/src/observability/__tests__/observability.integration.ts +559 -0
package/src/observability/__tests__/prometheus-meter.test.ts +144 -0
package/src/observability/__tests__/recording-meter.test.ts +101 -0
package/src/observability/__tests__/recording-tracer.test.ts +110 -0
package/src/observability/__tests__/sensitive-filter.test.ts +98 -0
package/src/observability/console-provider.ts +130 -0
package/src/observability/context.ts +26 -0
package/src/observability/fallback.ts +34 -0
package/src/observability/ids.ts +25 -0
package/src/observability/index.ts +79 -0
package/src/observability/metric-validator.ts +86 -0
package/src/observability/metrics-handle.ts +56 -0
package/src/observability/noop-provider.ts +146 -0
package/src/observability/prometheus-meter.ts +284 -0
package/src/observability/recording-meter.ts +156 -0
package/src/observability/recording-tracer.ts +198 -0
package/src/observability/redis-wrapper.ts +132 -0
package/src/observability/sensitive-filter.ts +108 -0
package/src/observability/standard-metrics.ts +213 -0
package/src/observability/types/index.ts +29 -0
package/src/observability/types/metric.ts +56 -0
package/src/observability/types/provider.ts +32 -0
package/src/observability/types/span.ts +64 -0
package/src/pipeline/__tests__/archive-stream.integration.ts +220 -0
package/src/pipeline/__tests__/auth-claims-resolver.test.ts +279 -0
package/src/pipeline/__tests__/cascade-handler.integration.ts +419 -0
package/src/pipeline/__tests__/cascade-handler.test.ts +52 -0
package/src/pipeline/__tests__/causation-chain.integration.ts +206 -0
package/src/pipeline/__tests__/ctx-bridge.integration.ts +234 -0
package/src/pipeline/__tests__/dispatcher.test.ts +379 -0
package/src/pipeline/__tests__/distributed-lock.integration.ts +67 -0
package/src/pipeline/__tests__/domain-events-projections.integration.ts +323 -0
package/src/pipeline/__tests__/event-dedup.integration.ts +153 -0
package/src/pipeline/__tests__/event-define-event-strict.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-lifecycle.integration.ts +220 -0
package/src/pipeline/__tests__/event-dispatcher-multi-instance.integration.ts +423 -0
package/src/pipeline/__tests__/event-dispatcher-pg-listen.integration.ts +123 -0
package/src/pipeline/__tests__/event-dispatcher-recovery.integration.ts +202 -0
package/src/pipeline/__tests__/event-dispatcher-second-audit.integration.ts +290 -0
package/src/pipeline/__tests__/event-dispatcher-strict.test.ts +65 -0
package/src/pipeline/__tests__/event-dispatcher.integration.ts +287 -0
package/src/pipeline/__tests__/event-retention.integration.ts +239 -0
package/src/pipeline/__tests__/fetch-for-writing.integration.ts +281 -0
package/src/pipeline/__tests__/lifecycle-pipeline.test.ts +430 -0
package/src/pipeline/__tests__/load-aggregate-query.integration.ts +266 -0
package/src/pipeline/__tests__/msp-error-mode.integration.ts +149 -0
package/src/pipeline/__tests__/msp-multi-hop.integration.ts +228 -0
package/src/pipeline/__tests__/msp-rebuild.integration.ts +368 -0
package/src/pipeline/__tests__/multi-stream-projection.integration.ts +341 -0
package/src/pipeline/__tests__/perf-rebuild.integration.ts +147 -0
package/src/pipeline/__tests__/projection-rebuild.integration.ts +551 -0
package/src/pipeline/__tests__/query-projection.integration.ts +201 -0
package/src/pipeline/__tests__/redis-pipeline.integration.ts +306 -0
package/src/pipeline/append-event-core.ts +117 -0
package/src/pipeline/auth-claims-resolver.ts +103 -0
package/src/pipeline/cascade-handler.ts +113 -0
package/src/pipeline/dispatcher.ts +1585 -0
package/src/pipeline/distributed-lock.ts +37 -0
package/src/pipeline/entity-cache.ts +113 -0
package/src/pipeline/event-consumer-state.ts +108 -0
package/src/pipeline/event-dedup.ts +23 -0
package/src/pipeline/event-dispatcher.ts +1016 -0
package/src/pipeline/event-retention.ts +154 -0
package/src/pipeline/idempotency.ts +76 -0
package/src/pipeline/index.ts +66 -0
package/src/pipeline/lifecycle-pipeline.ts +409 -0
package/src/pipeline/msp-rebuild.ts +242 -0
package/src/pipeline/multi-stream-apply-context.ts +115 -0
package/src/pipeline/projection-rebuild.ts +334 -0
package/src/pipeline/projection-state.ts +72 -0
package/src/pipeline/projections-runner.ts +56 -0
package/src/pipeline/redis-keys.ts +11 -0
package/src/pipeline/system-hooks.ts +190 -0
package/src/random/__tests__/generate.test.ts +149 -0
package/src/random/generate.ts +141 -0
package/src/random/index.ts +8 -0
package/src/random/words.ts +392 -0
package/src/rate-limit/__tests__/dispatcher-l3.integration.ts +111 -0
package/src/rate-limit/__tests__/middleware.integration.ts +189 -0
package/src/rate-limit/__tests__/resolver.integration.ts +189 -0
package/src/rate-limit/bucket.ts +36 -0
package/src/rate-limit/index.ts +14 -0
package/src/rate-limit/middleware.ts +152 -0
package/src/rate-limit/resolver.ts +267 -0
package/src/redis/__tests__/redis-options.test.ts +54 -0
package/src/redis/index.ts +74 -0
package/src/search/__tests__/meilisearch-adapter.integration.ts +236 -0
package/src/search/__tests__/search-adapter.test.ts +256 -0
package/src/search/in-memory-adapter.ts +123 -0
package/src/search/index.ts +12 -0
package/src/search/meilisearch-adapter.ts +106 -0
package/src/search/types.ts +39 -0
package/src/secrets/__tests__/dek-cache.test.ts +213 -0
package/src/secrets/__tests__/env-master-key-provider.test.ts +119 -0
package/src/secrets/__tests__/envelope.test.ts +74 -0
package/src/secrets/__tests__/leak-guard.test.ts +92 -0
package/src/secrets/__tests__/rotation.test.ts +149 -0
package/src/secrets/dek-cache.ts +116 -0
package/src/secrets/env-master-key-provider.ts +162 -0
package/src/secrets/envelope.ts +55 -0
package/src/secrets/index.ts +19 -0
package/src/secrets/leak-guard.ts +87 -0
package/src/secrets/rotation.ts +34 -0
package/src/secrets/types.ts +107 -0
package/src/stack/db.ts +104 -0
package/src/stack/event-collector.ts +23 -0
package/src/stack/index.ts +32 -0
package/src/stack/redis.ts +44 -0
package/src/stack/request-helper.ts +168 -0
package/src/stack/table-helpers.ts +104 -0
package/src/stack/test-stack.ts +357 -0
package/src/stack/test-users.ts +37 -0
package/src/testing/__tests__/e2e-generator.test.ts +230 -0
package/src/testing/__tests__/ensure-entity-table.integration.ts +54 -0
package/src/testing/access-assertions.ts +15 -0
package/src/testing/assertions.ts +35 -0
package/src/testing/e2e-generator.ts +465 -0
package/src/testing/expect-error.ts +25 -0
package/src/testing/handler-context.ts +125 -0
package/src/testing/http-cookies.ts +52 -0
package/src/testing/index.ts +41 -0
package/src/testing/late-bound.ts +39 -0
package/src/testing/mutable-master-key-provider.ts +31 -0
package/src/testing/observability-recorder.ts +54 -0
package/src/testing/shared-entities.ts +49 -0
package/src/testing/utils.ts +1 -0
package/src/testing/wait-for.ts +31 -0
package/src/time/__tests__/polyfill.test.ts +73 -0
package/src/time/__tests__/tz-context.test.ts +121 -0
package/src/time/index.ts +21 -0
package/src/time/polyfill.ts +70 -0
package/src/time/tz-context.ts +107 -0
package/src/ui-types/app-schema.ts +57 -0
package/src/ui-types/index.ts +65 -0
package/src/utils/__tests__/assert.test.ts +17 -0
package/src/utils/__tests__/env-parse.test.ts +54 -0
package/src/utils/assert.ts +18 -0
package/src/utils/env-parse.ts +16 -0
package/src/utils/ids.ts +16 -0
package/src/utils/index.ts +5 -0
package/src/utils/safe-json.ts +30 -0
package/src/utils/serialization.ts +7 -0

package/src/engine/types/feature.ts ADDED Viewed

@@ -0,0 +1,574 @@
+import type { ZodType, z } from "zod";
+import type { QueryHandlerDefinition, WriteHandlerDefinition } from "../define-handler";
+import type {
+  ConfigKeyDefinition,
+  ConfigKeyHandle,
+  ConfigKeyType,
+  JobDefinition,
+  JobHandlerFn,
+  NotificationDataFn,
+  NotificationDefinition,
+  NotificationRecipientFn,
+  NotificationTemplateFn,
+  ReferenceDataDef,
+  RegistrarExtensionDef,
+  RegistrarExtensionRegistration,
+  TranslationKeys,
+  TranslationsDef,
+} from "./config";
+import type { EntityDefinition } from "./fields";
+import type {
+  AccessRule,
+  AuthClaimsFn,
+  AuthClaimsHookDef,
+  ClaimKeyDefinition,
+  ClaimKeyHandle,
+  ClaimKeyType,
+  EntityRef,
+  EventDef,
+  EventMigrationDef,
+  EventUpcastFn,
+  HandlerRef,
+  NameOrRef,
+  QualifiedEventName,
+  QueryHandlerDef,
+  QueryHandlerFn,
+  RateLimitOption,
+  WriteHandlerDef,
+  WriteHandlerFn,
+} from "./handlers";
+import type {
+  EntityHookMap,
+  HookMap,
+  HookPhase,
+  PostDeleteHookFn,
+  PostSaveHookFn,
+  PreDeleteHookFn,
+  PreQueryHookFn,
+  PreSaveHookFn,
+  ValidationHookFn,
+} from "./hooks";
+import type { HttpRouteDefinition } from "./http-route";
+import type { NavDefinition } from "./nav";
+import type { MultiStreamProjectionDefinition, ProjectionDefinition } from "./projection";
+import type { EntityRelations, RelationDefinition } from "./relations";
+import type { ScreenDefinition } from "./screen";
+import type { WorkspaceDefinition } from "./workspace";
+// --- Metrics (declared by features via r.metric()) ---
+export type FeatureMetricType = "counter" | "histogram" | "gauge";
+// The user-facing short form written in a feature. The Framework prefixes it
+// with `kumiko_<featureName>_` to produce the fully-qualified Prometheus name.
+export type FeatureMetricDef = {
+  readonly shortName: string;
+  readonly type: FeatureMetricType;
+  readonly description?: string;
+  readonly labels?: readonly string[];
+  readonly buckets?: readonly number[];
+  readonly unit?: string;
+  // When true, Framework auto-adds tenant_id to labels (ctx-driven). Default
+  // false — cardinality multiplies by tenant count, so opt-in.
+  readonly tenantLabel?: boolean;
+};
+export type MetricOptions = Omit<FeatureMetricDef, "shortName">;
+// --- Secret Keys (declared by features via r.secret()) ---
+// A feature-declared secret. The fully-qualified name is
+// `<featureName>:<shortName>` — the Framework prefixes. Ops see the
+// qualified name in list / audit; feature code reads it via
+// ctx.secrets.get(tenantId, SecretKeys.stripeKey) with the typed handle.
+export type SecretKeyDefinition = {
+  // Short name inside the feature (e.g. "stripe.apiKey"). Qualified to
+  // `<feature>:<shortName>` at registry-build time.
+  readonly shortName: string;
+  // Qualified name — `<feature>:<shortName>`. Set during registry build.
+  readonly qualifiedName: string;
+  // i18n label for TenantAdmin UI.
+  readonly label: { readonly [locale: string]: string };
+  // Optional redaction function. Takes the plaintext, returns the preview
+  // shown in list handlers. Default is first-3-chars + bullets.
+  readonly redact?: (plaintext: string) => string;
+  // Short human hint shown in UI ("Find this in your Stripe dashboard ...").
+  readonly hint?: { readonly [locale: string]: string };
+  // Per-secret scope. v1 only "tenant" — user / system scopes ship in v2.
+  readonly scope: "tenant";
+};
+export type SecretOptions = Omit<SecretKeyDefinition, "shortName" | "qualifiedName">;
+// Typed reference returned by r.secret(). Lets feature code pass a
+// strongly-named handle to ctx.secrets.get instead of retyping the
+// qualified string. Parallels ConfigKeyHandle from the config system.
+export type SecretKeyHandle = {
+  readonly name: string;
+};
+// --- Feature Definition (output of defineFeature) ---
+export type FeatureDefinition = {
+  readonly name: string;
+  readonly systemScope: boolean;
+  // Set from the setup-callback return — typed via `defineFeature<TExports>`.
+  // `undefined` for setups that return nothing.
+  readonly exports?: unknown;
+  readonly requires: readonly string[];
+  readonly optionalRequires: readonly string[];
+  // Declared via r.toggleable({ default }). Presence makes the feature
+  // operator-switchable via the feature-toggles bundled feature; absence
+  // means the feature is always-on (e.g. auth, tenant, user — core infra
+  // that would brick the system if switchable).
+  readonly toggleableDefault?: boolean;
+  readonly entities: Readonly<Record<string, EntityDefinition>>;
+  readonly relations: Readonly<Record<string, EntityRelations>>;
+  readonly writeHandlers: Readonly<Record<string, WriteHandlerDef>>;
+  readonly queryHandlers: Readonly<Record<string, QueryHandlerDef>>;
+  readonly translations: TranslationKeys;
+  readonly hooks: HookMap;
+  readonly entityHooks: EntityHookMap;
+  readonly configKeys: Readonly<Record<string, ConfigKeyDefinition>>;
+  readonly jobs: Readonly<Record<string, JobDefinition>>;
+  readonly registrarExtensions: Readonly<Record<string, RegistrarExtensionDef>>;
+  readonly extensionUsages: readonly RegistrarExtensionRegistration[];
+  readonly referenceData: readonly ReferenceDataDef[];
+  readonly notifications: Readonly<Record<string, NotificationDefinition>>;
+  readonly events: Readonly<Record<string, EventDef>>;
+  // Event schema migrations declared via r.eventMigration(). Keyed by event
+  // short-name; each entry carries the step transforms (fromVersion →
+  // toVersion). The registry stitches these with the defineEvent-declared
+  // current version and exposes a per-qualified-name upcaster chain.
+  readonly eventMigrations: Readonly<Record<string, readonly EventMigrationDef[]>>;
+  readonly configReads: readonly string[];
+  // Handler → entity mapping inferred from the colon convention
+  // ("entityName:verb") via tryMapEntity in defineFeature.
+  readonly handlerEntityMappings: Readonly<Record<string, string>>;
+  // Metrics declared via r.metric(). Short names — Framework prefixes on boot.
+  readonly metrics: Readonly<Record<string, FeatureMetricDef>>;
+  // Secret keys declared via r.secret(). Short names — Framework prefixes to
+  // "<feature>:<short>" during registry build.
+  readonly secretKeys: Readonly<Record<string, SecretKeyDefinition>>;
+  // Projections declared via r.projection(). Keyed by projection name; executor
+  // looks them up by source-entity at write-time.
+  readonly projections: Readonly<Record<string, ProjectionDefinition>>;
+  // Multi-stream projections — cross-aggregate async read-models. Keyed by
+  // short name; the dispatcher wraps each into an EventConsumer with its
+  // own cursor.
+  readonly multiStreamProjections: Readonly<Record<string, MultiStreamProjectionDefinition>>;
+  // Auth-claims hooks declared via r.authClaims(). Executed at login (and
+  // switch-tenant) time; their returned records are merged into
+  // SessionUser.claims under the auto-prefix "<featureName>:<key>".
+  readonly authClaimsHooks: readonly AuthClaimsFn[];
+  // Declared claim keys via r.claimKey(). Shorts keyed by their JS-side
+  // short name, qualified name qualified at registration time.
+  readonly claimKeys: Readonly<Record<string, ClaimKeyDefinition>>;
+  // Screen definitions declared via r.screen(). Keyed by the feature-local
+  // short id; the registry qualifies to "<feature>:screen:<id>" on boot.
+  // Pure data — ui-core + renderer packages interpret; engine only stores
+  // and validates entity/field references against the feature's entities.
+  readonly screens: Readonly<Record<string, ScreenDefinition>>;
+  // Nav entries declared via r.nav(). Keyed by the feature-local short id;
+  // registry qualifies to "<feature>:nav:<id>". Flat list — the renderer's
+  // resolveNavigation assembles the tree from parent refs at mount time.
+  readonly navs: Readonly<Record<string, NavDefinition>>;
+  // Workspaces declared via r.workspace(). Keyed by feature-local short id;
+  // registry qualifies to "<feature>:workspace:<id>". Pure UI metadata —
+  // shellWorkspaces consumes the resolved per-workspace nav list at mount
+  // time; engine validates roles + nav refs at boot.
+  readonly workspaces: Readonly<Record<string, WorkspaceDefinition>>;
+  // HTTP-Routes declared via r.httpRoute(). Index is "METHOD path"
+  // (z.B. "GET /feed.xml") — eindeutig pro Feature. Die App-Server-
+  // Boot-Stage iteriert getAllHttpRoutes() und mountet jede Route auf
+  // den Hono-app (außerhalb /api/*). Pattern symmetrisch zu queryHandlers/
+  // writeHandlers — Routes leben mit dem Feature, nicht im Bootstrap.
+  readonly httpRoutes: Readonly<Record<string, HttpRouteDefinition>>;
+};
+// --- Feature Registrar (the "r" object in defineFeature) ---
+type RefOrRefs = NameOrRef | readonly NameOrRef[];
+/**
+ * `TFeature` is the literal feature-name from `defineFeature("foo", ...)` —
+ * default-`string` keeps every existing usage zero-config. Strict-typed
+ * features (apps that opt into the literal-name flavour) get propagated
+ * through to `defineEvent` so the returned `EventDef.name` is a literal
+ * `${CamelToKebab<TFeature>}:event:${CamelToKebab<TInner>}`. That literal
+ * threads through `ctx.appendEvent({ type: eventDef.name, ... })`,
+ * keeping strict-mode alive even when handlers route via `eventDef.name`
+ * instead of hand-typed string literals.
+ */
+export type FeatureRegistrar<TFeature extends string = string> = {
+  systemScope(): void;
+  requires(...featureNames: string[]): void;
+  optionalRequires(...featureNames: string[]): void;
+  // Declare the feature as operator-togglable. `default` is the effective
+  // state when no global-toggle row exists. Must be called at most once per
+  // feature; calling on an always-on feature (e.g. auth/tenant/user) is a
+  // bug the registry catches at boot.
+  toggleable(options: { default: boolean }): void;
+  entity(name: string, definition: EntityDefinition): EntityRef;
+  writeHandler<TName extends string, TSchema extends ZodType>(
+    def: WriteHandlerDefinition<TName, TSchema>,
+  ): HandlerRef;
+  writeHandler<TSchema extends ZodType>(
+    name: string,
+    schema: TSchema,
+    handler: WriteHandlerFn<z.infer<TSchema>>,
+    options?: { access?: AccessRule; rateLimit?: RateLimitOption },
+  ): HandlerRef;
+  queryHandler<TName extends string, TSchema extends ZodType>(
+    def: QueryHandlerDefinition<TName, TSchema>,
+  ): HandlerRef;
+  queryHandler<TSchema extends ZodType>(
+    name: string,
+    schema: TSchema,
+    handler: QueryHandlerFn<z.infer<TSchema>>,
+    options?: { access?: AccessRule; rateLimit?: RateLimitOption },
+  ): HandlerRef;
+  relation(entity: NameOrRef, relationName: string, definition: RelationDefinition): void;
+  hook(type: "validation", target: RefOrRefs, fn: ValidationHookFn): void;
+  hook(type: "preSave", target: RefOrRefs, fn: PreSaveHookFn): void;
+  hook(
+    type: "postSave",
+    target: RefOrRefs,
+    fn: PostSaveHookFn,
+    options?: { phase?: HookPhase },
+  ): void;
+  // preDelete always runs in-transaction (it guards the delete — there is no
+  // meaningful "after" for a pre-hook). No phase option.
+  hook(type: "preDelete", target: RefOrRefs, fn: PreDeleteHookFn): void;
+  hook(
+    type: "postDelete",
+    target: RefOrRefs,
+    fn: PostDeleteHookFn,
+    options?: { phase?: HookPhase },
+  ): void;
+  hook(type: "preQuery", target: RefOrRefs, fn: PreQueryHookFn): void;
+  entityHook(
+    type: "postSave",
+    entity: NameOrRef,
+    fn: PostSaveHookFn,
+    options?: { phase?: HookPhase },
+  ): void;
+  entityHook(type: "preDelete", entity: NameOrRef, fn: PreDeleteHookFn): void;
+  entityHook(
+    type: "postDelete",
+    entity: NameOrRef,
+    fn: PostDeleteHookFn,
+    options?: { phase?: HookPhase },
+  ): void;
+  // Returns a handle map keyed exactly like the input. Pass any handle to
+  // `ctx.config(handle)` to get the value type narrowed by the key's `type`.
+  config<TKeys extends Readonly<Record<string, ConfigKeyDefinition<ConfigKeyType>>>>(definition: {
+    readonly keys: TKeys;
+  }): { readonly [K in keyof TKeys]: ConfigKeyHandle<TKeys[K]["type"]> };
+  job(name: string, options: Omit<JobDefinition, "name" | "handler">, handler: JobHandlerFn): void;
+  notification(
+    name: string,
+    definition: {
+      readonly trigger: { readonly on: NameOrRef };
+      readonly recipient: NotificationRecipientFn;
+      readonly data: NotificationDataFn;
+      readonly templates?: Readonly<Record<string, NotificationTemplateFn>>;
+    },
+  ): void;
+  translations(def: TranslationsDef): void;
+  // Register an event payload shape. Returns the qualified def so callers
+  // can pass `.name` to ctx.appendEvent without hand-building the
+  // "<feature>:event:<short>" string.
+  //
+  // `options.version` declares the CURRENT schema generation. Defaults to 1
+  // on first registration. When you bump the payload shape, raise version
+  // AND register r.eventMigration(shortName, N, N+1, transform) — the
+  // framework refuses to boot if the chain from 1 → version has gaps.
+  defineEvent<const TInner extends string, TPayload>(
+    name: TInner,
+    schema: ZodType<TPayload>,
+    options?: { readonly version?: number },
+  ): EventDef<TPayload, QualifiedEventName<TFeature, TInner>>;
+  // Register a step-wise payload transform for event-schema evolution.
+  // `eventName` is the SHORT name (same as defineEvent). `toVersion` must
+  // be `fromVersion + 1` — chain larger jumps by registering each step.
+  // Transforms are pure functions: old payload in, new payload out. They
+  // run once per read (not once per event persisted), so keep them cheap.
+  eventMigration(
+    eventName: string,
+    fromVersion: number,
+    toVersion: number,
+    transform: EventUpcastFn,
+  ): void;
+  readsConfig(...qualifiedKeys: string[]): void;
+  referenceData(
+    entity: NameOrRef,
+    data: readonly Record<string, unknown>[],
+    options?: { upsertKey?: string },
+  ): void;
+  extendsRegistrar(name: string, def: RegistrarExtensionDef): void;
+  useExtension(extensionName: string, entity: NameOrRef, options?: Record<string, unknown>): void;
+  // Declare a metric. Short name (without kumiko_<feature>_ prefix) — Framework
+  // qualifies it on boot. Validation (snake_case + typ-suffix) runs at boot.
+  // Usage at runtime: ctx.metrics.inc("created_total", { status: "new" }).
+  metric(shortName: string, options: MetricOptions): void;
+  // Declare a secret key. Qualified name follows "<feature>:secret:<kebab>"
+  // via the QN helper. Returns a typed handle so feature code can pass it
+  // to ctx.secrets.get without retyping the qualified string — same
+  // ergonomics as r.config's handle.
+  secret(shortName: string, options: SecretOptions): SecretKeyHandle;
+  // Register a projection driven by events of one or more source entities.
+  // The runtime fires projection.apply[event.type] inside the event-store's
+  // transaction, so projections stay consistent with the events that feed them.
+  projection(definition: ProjectionDefinition): void;
+  // Register a cross-aggregate async projection. The event-dispatcher owns
+  // delivery via a dedicated cursor — at-least-once, strictly-ordered by
+  // events.id. Handlers must be idempotent. Marten's MultiStreamProjection
+  // equivalent: customer billing summaries, cross-feature audit views,
+  // saga state machines where a single view spans many aggregate types.
+  // Omit `table` for pure side-effect handlers (notifications, webhooks,
+  // external-system sync) — the dispatcher still delivers at-least-once with
+  // per-consumer ordering and dead-letter behaviour.
+  multiStreamProjection(definition: MultiStreamProjectionDefinition): void;
+  // Register a function that contributes claims into SessionUser.claims at
+  // login time. Multiple features (and multiple calls within one feature)
+  // are allowed; returns are merged. Keys are auto-prefixed with the feature
+  // name ("<feature>:<key>") — cross-feature collisions are impossible by
+  // construction. Same-feature duplicate keys follow last-wins.
+  //
+  // Hooks run in parallel. If one throws, the error is logged and that
+  // feature's claims are simply missing from the merged record — login
+  // still succeeds. This is a deliberate best-effort policy: identity-facts
+  // are convenience, not access-gates (that's what `roles` + field-access
+  // rules are for).
+  authClaims(fn: AuthClaimsFn): void;
+  // Declare a claim key. Qualified name follows "<feature>:<kebab-short>"
+  // via the QN helper — same convention as r.secret / r.config. Returns a
+  // typed handle so feature code can pass it to `readClaim(user, handle)`
+  // without retyping the qualified string and with the right narrowed
+  // return type.
+  //
+  // Declaring claim keys also turns on a runtime check: when the feature's
+  // r.authClaims hooks return an inner-key not in the declared list, the
+  // resolver logs a warning (the claim still lands in the JWT — declared
+  // or not — so strict-mode isn't on; this is typo-drift protection).
+  claimKey<T extends ClaimKeyType>(
+    shortName: string,
+    options: { readonly type: T },
+  ): ClaimKeyHandle<T>;
+  // Register a screen. The id is the feature-local short name (kebab-case);
+  // the registry qualifies to "<feature>:screen:<id>". Boot-validation checks
+  // that entity-bound screens reference a registered entity and that the
+  // columns / form-field refs name real fields — cross-feature component-QN
+  // validation (r.uiComponent) comes in M4/M5.
+  screen(definition: ScreenDefinition): void;
+  // Register a nav entry. The id is the feature-local short name (kebab-case);
+  // the registry qualifies to "<feature>:nav:<id>". Boot-validation checks
+  // that `screen` and `parent` refs exist (cross-feature QNs allowed) and
+  // that parent chains don't contain cycles.
+  nav(definition: NavDefinition): void;
+  // Register a workspace — a persona-/role-scoped UI surface. Pure UI
+  // composition; the registry qualifies the short id to
+  // "<feature>:workspace:<id>". Boot-validation checks that any nav refs
+  // exist, that workspace ids referenced from r.nav() are real, and that
+  // at most one workspace per app declares `default: true`.
+  workspace(definition: WorkspaceDefinition): void;
+  // Register an HTTP-route owned by this feature. The route is mounted
+  // outside the dispatcher pipeline (= außerhalb /api/write|query|batch),
+  // direkt an die app — Use-Case: RSS/Atom-Feeds, OG-Images, OpenAPI-Specs.
+  // Boot-validation rejects duplicate "method path"-Combinations.
+  // Symmetric to queryHandler/writeHandler — Routes leben mit dem Feature,
+  // nicht im Bootstrap. Escape-hatch für nicht-feature-bound Routes
+  // bleibt runProdApp.extraRoutes.
+  httpRoute(definition: HttpRouteDefinition): void;
+};
+// --- Registry (created from features) ---
+export type Registry = {
+  readonly features: ReadonlyMap<string, FeatureDefinition>;
+  getFeature(name: string): FeatureDefinition | undefined;
+  getEntity(name: string): EntityDefinition | undefined;
+  getWriteHandler(name: string): WriteHandlerDef | undefined;
+  getQueryHandler(name: string): QueryHandlerDef | undefined;
+  getSearchableFields(entityName: string): readonly string[];
+  getSortableFields(entityName: string): readonly string[];
+  getRelations(entityName: string): EntityRelations;
+  getSearchIncludes(entityName: string): ReadonlyMap<string, readonly string[]>;
+  getIncomingRelations(entityName: string): ReadonlyArray<{
+    sourceEntity: string;
+    relationName: string;
+    relation: RelationDefinition;
+  }>;
+  // Hook getters — pass `effectiveFeatures` to drop hooks registered by
+  // globally-disabled features. Omit the arg to get all hooks (legacy
+  // callers + places where the feature-toggles feature isn't wired).
+  getPreSaveHooks(name: string, effectiveFeatures?: ReadonlySet<string>): readonly PreSaveHookFn[];
+  getPostSaveHooks(
+    name: string,
+    phase?: HookPhase,
+    effectiveFeatures?: ReadonlySet<string>,
+  ): readonly PostSaveHookFn[];
+  getPreDeleteHooks(
+    name: string,
+    phase?: HookPhase,
+    effectiveFeatures?: ReadonlySet<string>,
+  ): readonly PreDeleteHookFn[];
+  getPostDeleteHooks(
+    name: string,
+    phase?: HookPhase,
+    effectiveFeatures?: ReadonlySet<string>,
+  ): readonly PostDeleteHookFn[];
+  getPreQueryHooks(
+    name: string,
+    effectiveFeatures?: ReadonlySet<string>,
+  ): readonly PreQueryHookFn[];
+  getEntityPostSaveHooks(
+    entityName: string,
+    phase?: HookPhase,
+    effectiveFeatures?: ReadonlySet<string>,
+  ): readonly PostSaveHookFn[];
+  getEntityPreDeleteHooks(
+    entityName: string,
+    phase?: HookPhase,
+    effectiveFeatures?: ReadonlySet<string>,
+  ): readonly PreDeleteHookFn[];
+  getEntityPostDeleteHooks(
+    entityName: string,
+    phase?: HookPhase,
+    effectiveFeatures?: ReadonlySet<string>,
+  ): readonly PostDeleteHookFn[];
+  getHandlerEntity(qualifiedHandler: string): string | undefined;
+  isHandlerSystemScoped(qualifiedHandler: string): boolean;
+  getHandlerFeature(qualifiedHandler: string): string | undefined;
+  // True iff at least one registered handler declares a `rateLimit`
+  // option. Pre-computed at registry-build so the boot path can skip
+  // wiring the RateLimitResolver (and its Lua-script registration on
+  // Redis) entirely when nobody opted in. Per-request cost stays zero
+  // for apps that don't use the feature.
+  hasRateLimitedHandler(): boolean;
+  // All metrics from all features, keyed by fully-qualified name
+  // (kumiko_<feature>_<shortName>). Consumed at boot to register them on the
+  // active Meter.
+  getAllMetrics(): ReadonlyMap<string, FeatureMetricDef & { readonly featureName: string }>;
+  getAllTranslations(): TranslationKeys;
+  getConfigKey(qualifiedKey: string): ConfigKeyDefinition | undefined;
+  getAllConfigKeys(): ReadonlyMap<string, ConfigKeyDefinition>;
+  // Feature-declared secrets, aggregated across all registered features.
+  // Keyed by qualified name ("<feature>:<shortName>"). Used by the rotation
+  // job (to iterate "known" secrets) and admin-UIs to list available keys.
+  getAllSecretKeys(): ReadonlyMap<string, SecretKeyDefinition>;
+  getSecretKey(qualifiedName: string): SecretKeyDefinition | undefined;
+  getJob(qualifiedName: string): JobDefinition | undefined;
+  getAllJobs(): ReadonlyMap<string, JobDefinition>;
+  getEvent(qualifiedName: string): EventDef | undefined;
+  // Upcaster chain per qualified event name. Entries describe the current
+  // schema version and the step-wise transforms that upgrade older stored
+  // payloads. Empty chain when an event has never been migrated (version=1).
+  getEventUpcasters(): ReadonlyMap<
+    string,
+    { readonly currentVersion: number; readonly chain: ReadonlyMap<number, EventUpcastFn> }
+  >;
+  getExtension(name: string): RegistrarExtensionDef | undefined;
+  getExtensionUsages(extensionName: string): readonly RegistrarExtensionRegistration[];
+  getAllNotifications(): ReadonlyMap<string, NotificationDefinition>;
+  getAllReferenceData(): readonly ReferenceDataDef[];
+  // Look up projections by source-entity name. Empty list when no projection
+  // feeds off the entity — event-store-executor uses this as the hot-path.
+  getProjectionsForSource(entityName: string): readonly ProjectionDefinition[];
+  getAllProjections(): ReadonlyMap<string, ProjectionDefinition>;
+  // Multi-stream projections registered via r.multiStreamProjection().
+  // Keyed by qualified name. The server wires each into the event-dispatcher
+  // as its own EventConsumer with a dedicated cursor.
+  getAllMultiStreamProjections(): ReadonlyMap<string, MultiStreamProjectionDefinition>;
+  // The feature that registered the given MSP. Used by the event-dispatcher
+  // to pause MSP-consumers whose owning feature is globally disabled.
+  getMultiStreamProjectionFeature(qualifiedName: string): string | undefined;
+  // All r.authClaims() hooks across all features, tagged with the declaring
+  // feature name so the resolver can apply the auto-prefix. Pre-aggregated
+  // at registry-build so the login hot path is a single Map read.
+  getAuthClaimsHooks(): readonly AuthClaimsHookDef[];
+  // Feature-declared claim keys, aggregated across all features. Keyed by
+  // qualified name ("<feature>:<short>"). Ops-UI + Boot-Validator use this
+  // to introspect what claims the app can produce.
+  getAllClaimKeys(): ReadonlyMap<string, ClaimKeyDefinition>;
+  getClaimKey(qualifiedName: string): ClaimKeyDefinition | undefined;
+  // Screens declared via r.screen() across all features. Keyed by qualified
+  // name ("<feature>:screen:<id>"). ui-core / renderer consume this to build
+  // navigation + screen-tree at mount time.
+  getAllScreens(): ReadonlyMap<string, ScreenDefinition>;
+  getScreen(qualifiedName: string): ScreenDefinition | undefined;
+  // The feature that registered the given screen. Consumed by the nav
+  // resolver to gate a nav-entry whose screen belongs to a disabled feature.
+  getScreenFeature(qualifiedName: string): string | undefined;
+  // All entity-bound screens (entityList / entityEdit) that target the given
+  // entity. Pre-grouped so ui-core's view-model builders don't re-filter
+  // getAllScreens() on every render. Custom screens have no entity and are
+  // never returned here — walk getAllScreens() for those.
+  getScreensByEntity(entityName: string): readonly ScreenDefinition[];
+  // Nav entries declared via r.nav() across all features. Keyed by qualified
+  // name ("<feature>:nav:<id>"). Flat list — the renderer's resolveNavigation
+  // assembles the tree from parent refs and gates by effective-features.
+  getAllNavs(): ReadonlyMap<string, NavDefinition>;
+  getNav(qualifiedName: string): NavDefinition | undefined;
+  // The feature that registered the given nav entry. Used by the nav
+  // resolver to drop entries whose owning feature is globally disabled.
+  getNavFeature(qualifiedName: string): string | undefined;
+  // Direct children of the given parent nav entry. Empty array when the
+  // parent has no children. Pre-grouped for O(1) tree-walk — resolveNavigation
+  // recurses with getNavsByParent(child.qn) instead of filtering getAllNavs().
+  getNavsByParent(parentQualifiedName: string): readonly NavDefinition[];
+  // Nav entries that declare no parent — the roots of the navigation tree.
+  // resolveNavigation starts its walk here and descends via getNavsByParent.
+  getTopLevelNavs(): readonly NavDefinition[];
+  // Workspaces declared via r.workspace() across all features. Keyed by
+  // qualified name ("<feature>:workspace:<id>"). The active web shell
+  // (shellWorkspaces) consumes this to render the switcher.
+  getAllWorkspaces(): ReadonlyMap<string, WorkspaceDefinition>;
+  getWorkspace(qualifiedName: string): WorkspaceDefinition | undefined;
+  // The feature that registered the workspace. Mirrors getNavFeature —
+  // lets the resolver drop workspaces whose owning feature is disabled.
+  getWorkspaceFeature(qualifiedName: string): string | undefined;
+  // Resolved nav QNs that belong to the given workspace. Pre-computed at
+  // boot from BOTH r.workspace.nav AND r.nav.workspaces — the shell
+  // doesn't have to merge sources at render time.
+  getWorkspaceNavs(workspaceQualifiedName: string): readonly string[];
+  // The single workspace whose `default: true` is set, if any. Boot
+  // validator rejects more than one. Apps without a default fall back to
+  // the first workspace the user has access to.
+  getDefaultWorkspace(): WorkspaceDefinition | undefined;
+};